Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2026/02/16 9:22 p.m.•2 views

CVE-2026-2474

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypturandomgetrandom. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

7.5CVSS6AI score0.00295EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/02/16 3:18 p.m.•3 views

CVE-2026-2447

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2...

8.8CVSS7.3AI score0.006EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/16 3:18 p.m.•6 views

CVE-2026-2032

Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1...

4.3CVSS5.9AI score0.0015EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2026-23187

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-domains Fix out-of-range access of bc-domains in imx8mblkctrlremove...

7.1CVSS5.7AI score0.00117EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•5 views

CVE-2026-23197

In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error state in block data length handler When a block read returns an invalid length, zero or I2CSMBUSBLOCKMAX, the length handler sets the state to IMXI2CSTATEFAILED. However, i2cimxmasterisr unconditionally...

5.5CVSS5.7AI score0.001EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2026-23194

In the Linux kernel, the following vulnerability has been resolved: rustbinder: correctly handle FDA objects of length zero Fix a bug where an empty FDA fd array object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to mean "this is a pointer fixup", but...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•5 views

CVE-2026-23203

In the Linux kernel, the following vulnerability has been resolved: net: cpswnew: Execute ndosetrxmode callback in a work queue Commit 1767bb2d47b7 "ipv6: mcast: Don't hold RTNL for IPV6ADDMEMBERSHIP and MCASTJOINGROUP." removed the RTNL lock for IPV6ADDMEMBERSHIP and MCASTJOINGROUP operations...

5.5CVSS5.9AI score0.001EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•2 views

CVE-2026-23185

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mloscanstartwk mloscanstartwk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup, where we don't really have to. This can cause an init-after-queue issu...

7.8CVSS5.7AI score0.00127EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2026-23179

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmettcplistendataready When the socket is closed while in TCPLISTEN a callback is run to flush all outstanding packets, which in turns calls nvmettcplistendataready with the skcallbacklock held. So we ne...

5.7AI score0.00167EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2026-23207

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer check in IRQ handler Now that all other accesses to currxfer are done under the lock, protect the currxfer NULL check in tegraqspiisrthread with the spinlock. Without this protection, the...

4.7CVSS5.7AI score0.00088EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•3 views

CVE-2026-23188

In the Linux kernel, the following vulnerability has been resolved: net: usb: r8152: fix resume reset deadlock rtl8152 can trigger device reset during reset which potentially can result in a deadlock: DPM device timeout after 10 seconds; 15 seconds until panic Call Trace: schedule+0x483/0x1370...

5.5CVSS5.7AI score0.0009EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•5 views

CVE-2026-23201

In the Linux kernel, the following vulnerability has been resolved: ceph: fix oops due to invalid pointer for kfree in parselongname This fixes a kernel oops when reading ceph snapshot directories .snap, for example by simply running ls /mnt/myceph/.snap. The variable str is guarded by freekfree,...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•3 views

CVE-2026-23175

In the Linux kernel, the following vulnerability has been resolved: net: cpsw: Execute ndosetrxmode callback in a work queue Commit 1767bb2d47b7 "ipv6: mcast: Don't hold RTNL for IPV6ADDMEMBERSHIP and MCASTJOINGROUP." removed the RTNL lock for IPV6ADDMEMBERSHIP and MCASTJOINGROUP operations...

7CVSS5.9AI score0.00108EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2026-23204

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...

7.1CVSS5.7AI score0.00117EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•7 views

CVE-2025-71223

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix refcount leak in smb2open When ksmbdvfsgetattr fails, the reference count of ksmbdfile must be released...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2026-23208

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rate 22050 / pps 1000, and packsize0 22 packsize1 23. The buffer size for each data URB is maxpacksize...

7.8CVSS5.7AI score0.00121EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•5 views

CVE-2026-23177

In the Linux kernel, the following vulnerability has been resolved: mm, shmem: prevent infinite loop on truncate race When truncating a large swap entry, shmemfreeswap returns 0 when the entry's index doesn't match the given index due to lookup alignment. The failure fallback path checks if the...

5.8AI score0.00166EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•5 views

CVE-2026-23178

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2chidgetreport i2chidxfer is used to read recvlen + sizeofle16 bytes of data into ihid-rawbuf. The former can come from the userspace in the hidraw driver and is only bounded by...

7.8CVSS5.9AI score0.00142EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•5 views

CVE-2026-23183

In the Linux kernel, the following vulnerability has been resolved: cgroup/dmem: fix NULL pointer dereference when setting max An issue was triggered: BUG: kernel NULL pointer dereference, address: 0000000000000000 PF: supervisor read access in kernel mode PF: errorcode0x0000 - not-present page P...

5.7AI score0.00155EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•7 views

CVE-2025-71204

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix refcount leak in parsedurablehandlecontext When the command is a replay operation and -ENOEXEC is returned, the refcount of ksmbdfile must be released...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•2 views

CVE-2025-71221

In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmppdma: Fix race condition in mmppdmaresidue Add proper locking in mmppdmaresidue to prevent use-after-free when accessing descriptor list and descriptor contents. The race occurs when multiple threads call txstatus...

7CVSS5.7AI score0.00095EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•3 views

CVE-2026-23195

In the Linux kernel, the following vulnerability has been resolved: cgroup/dmem: avoid pool UAF An UAF issue was observed: BUG: KASAN: slab-use-after-free in pagecounteruncharge+0x65/0x150 Write of size 8 at addr ffff888106715440 by task insmod/527 CPU: 4 UID: 0 PID: 527 Comm: insmod...

7.8CVSS5.7AI score0.0011EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•7 views

CVE-2025-71222

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skbpush This avoids occasional skbunderpanic Oops from wl1271txwork. In this case, headroom is less than needed typically 110 - 94 = 16 bytes...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References15
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•3 views

CVE-2026-23198

In the Linux kernel, the following vulnerability has been resolved: KVM: Don't clobber irqfd routing type when deassigning irqfd When deassigning a KVMIRQFD, don't clobber the irqfd's copy of the IRQ's routing entry as doing so breaks kvmarchirqbypassdelproducer on x86 and arm64, which explicitly...

7.8CVSS5.6AI score0.00124EPSS
Exploits0References15
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2026-23202

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer in tegraqspicombinedseqxfer The currxfer field is read by the IRQ handler without holding the lock to check if a transfer is in progress. When clearing currxfer in the combined sequence transf...

5.5CVSS5.9AI score0.00111EPSS
Exploits0References15
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•5 views

CVE-2026-23176

In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshibahaps: Fix memory leaks in add/remove routines toshibahapsadd leaks the haps object allocated by it if it returns an error after allocating that object successfully. toshibahapsremove does not free the object...

5.8AI score0.00173EPSS
Exploits0References15
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2025-71220

In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbdsessionrpcclose on error path in createsmb2pipe When ksmbdiovpinrsp fails, we should call ksmbdsessionrpcclose...

7.8CVSS5.7AI score0.0013EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2025-71224

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: ocb: skip rxnosta when interface is not joined ieee80211ocbrxnosta assumes a valid channel context, which is only present after JOINOCB. RX may run before JOINOCB is executed, in which case the OCB interface is no...

5.7AI score0.00173EPSS
Exploits0References15
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2026-23182

In the Linux kernel, the following vulnerability has been resolved: spi: tegra: Fix a memory leak in tegraslinkprobe In tegraslinkprobe, when platformgetirq fails, it directly returns from the function with an error code, which causes a memory leak. Replace it with a goto label to ensure proper...

5.7AI score0.00173EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•3 views

CVE-2026-23206

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: prevent ZEROSIZEPTR dereference when numifs is zero The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc with ethsw-swattr.numifs as the element count. When the device reports zero interfaces...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2026-23190

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References15
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2026-23180

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: add bounds check for ifid in IRQ handler The IRQ handler extracts ifid from the upper 16 bits of the hardware status register and uses it to index into ethsw-ports without validation. Since ifid can be any 16-bit...

7CVSS5.7AI score0.00126EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•1 views

CVE-2026-23193

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In iscsitdecsessionusagecount, the function calls complete while holding the sess-sessionusagelock. Similar to the connection usage count logic, the waiter...

8.8CVSS5.7AI score0.0024EPSS
Exploits0References15
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•6 views

CVE-2026-23205

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2openfile Reproducer: 1. server: directories are exported read-only 2. client: mount -t cifs //$serverip/export /mnt 3. client: dd if=/dev/zero of=/mnt/file bs=512 count=1000 oflag=direct 4...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•6 views

CVE-2026-23196

In the Linux kernel, the following vulnerability has been resolved: HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer Add DMA buffer readiness check before reading DMA buffer to avoid unexpected NULL pointer accessing...

5.5CVSS5.8AI score0.001EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•3 views

CVE-2026-23192

In the Linux kernel, the following vulnerability has been resolved: linkwatch: use devput in callers to prevent UAF After linkwatchdodev calls devput to release the linkwatch reference, the device refcount may drop to 1. At this point, netdevruntodo can proceed since linkwatchsyncdev sees an empt...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2026-23184

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF in bindernetlinkreport Oneway transactions sent to frozen targets via binderproctransaction return a BRTRANSACTIONPENDINGFROZEN error but they are still treated as successful since the target is expected to thaw a...

7.8CVSS5.7AI score0.0012EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•7 views

CVE-2026-23181

In the Linux kernel, the following vulnerability has been resolved: btrfs: sync read disk super and set block size When the user performs a btrfs mount, the block device is not set correctly. The user sets the block size of the block device to 0x4000 by executing the BLKBSZSET command. Since the...

5.8AI score0.00156EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•7 views

CVE-2026-23199

In the Linux kernel, the following vulnerability has been resolved: procfs: avoid fetching build ID while holding VMA lock Fix PROCMAPQUERY to fetch optional build ID only after dropping mmaplock or per-VMA lock, whichever was used to lock VMA under question, to avoid deadlock reported by syzbot:...

5.5CVSS5.7AI score0.0009EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•5 views

CVE-2026-23210

In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi-rxrings. The sequence was: 1. iceptpprepareforreset cancels PTP work 2...

4.7CVSS5.7AI score0.00106EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•3 views

CVE-2026-23186

In the Linux kernel, the following vulnerability has been resolved: hwmon: acpipowermeter Fix deadlocks related to acpipowermeternotify The acpipowermeter driver's .notify callback function, acpipowermeternotify, calls hwmondeviceunregister under a lock that is also acquired by callbacks in sysfs...

5.5CVSS5.9AI score0.00088EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•7 views

CVE-2026-23209

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlancommonnewlink valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip link set up dev p2 ip lin...

7.8CVSS5.9AI score0.00119EPSS
Exploits0References44
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•6 views

CVE-2025-71203

In the Linux kernel, the following vulnerability has been resolved: riscv: Sanitize syscall table indexing under speculation The syscall number is a user-controlled value used to index into the syscall table. Use arrayindexnospec to clamp this value after the bounds check to prevent speculative...

7CVSS5.7AI score0.00126EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•3 views

CVE-2026-23191

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...

7.8CVSS5.7AI score0.00113EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•3 views

CVE-2026-23174

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: handle changing device dma map requirements The initial state of dmaneedsunmap may be false, but change to true while mapping the data iterator. Enabling swiotlb is one such case that can change the result. The nvme...

5.7AI score0.00155EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•4 views

CVE-2026-23189

In the Linux kernel, the following vulnerability has been resolved: ceph: fix NULL pointer dereference in cephmdsauthmatch The CephFS kernel client has regression starting from 6.18-rc1. We have issue in cephmdsauthmatch if fsname == NULL: const char fsname = mdsc-fsc-mountoptions-mdsnamespace;...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/02/14 5:15 p.m.•9 views

CVE-2026-23200

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix ECMP sibling count mismatch when clearing RTFADDRCONF syzbot reported a kernel BUG in fib6addrt2node when adding an IPv6 route. 0 Commit f72514b3c569 "ipv6: clear RA flags when adding a static route" introduced logic to...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2026/02/14 4:15 p.m.•1 views

CVE-2026-23144

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure When a context DAMON sysfs directory setup is failed after setup of attrs/ directory, subdirectories of attrs/ directory are not cleaned up. As a result, DAMON...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2026/02/14 4:15 p.m.•4 views

CVE-2026-23143

In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix misalignment bug in struct virtnetinfo Use the new TRAILINGOVERLAP helper to fix a misalignment bug along with the following warning: drivers/net/virtionet.c:429:46: warning: structure containing a flexible array...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/02/14 4:15 p.m.•3 views

CVE-2026-23132

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: synopsys: dw-dp: fix error paths of dwdpbind Fix several issues in dwdpbind error handling: 1. Missing return after drmbridgeattach failure - the function continued execution instead of returning an error. 2. Resource...

5.5CVSS5.9AI score0.00116EPSS
Exploits0References4
Total number of security vulnerabilities68528