Skip to main content

Linux

12819 CVEs vendor

Monthly

CVE-2026-23248 HIGH PATCH This Week

A race condition in the Linux kernel's perf_mmap() function creates a use-after-free vulnerability when concurrent threads attempt to access a ring buffer during failed memory mapping operations. The vulnerability affects Linux kernel versions across 6.18.17, 6.19.7, and 7.0-rc2, allowing a local attacker with standard user privileges to trigger refcount saturation warnings and potential kernel crashes via denial of service. This issue was discovered by Syzkaller fuzzing and has patches available across multiple stable kernel branches.

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23247 MEDIUM PATCH This Month

This vulnerability is an information disclosure issue in the Linux kernel's TCP implementation where the timestamp offset calculation was insufficiently randomized, allowing off-path attackers to leak TCP source ports via a SYN cookie side-channel attack. All Linux kernel versions from 4.11 onwards are affected, with confirmed vulnerable versions including Linux 6.18.17, 6.19.7, and 7.0-rc3. An attacker can exploit this to infer source port numbers used in TCP connections without being on the network path, which can facilitate further network-level attacks such as connection hijacking or targeted DoS.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23246 HIGH PATCH This Week

A stack out-of-bounds write vulnerability exists in the Linux kernel's mac80211 WiFi subsystem in the ieee80211_ml_reconfiguration function, where the link_id parameter extracted from the ML Reconfiguration element is not properly bounds-checked before being used as an array index. The vulnerability affects Linux kernel versions across multiple release branches (6.5 through 7.0-rc2), allowing an attacker with network proximity to craft a malicious WiFi frame to trigger a buffer overflow and potentially cause denial of service or code execution. While no CVSS score or EPSS data is currently published, the vulnerability has been assigned EUVD-2026-12809 and patches are available across stable kernel branches.

Linux Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23245 HIGH PATCH This Week

Race condition in Linux kernel's Traffic Control act_gate scheduler allows local authenticated users to trigger memory corruption and potentially execute arbitrary code or cause denial of service. Affects Linux kernel 5.8+ through 6.19.x and 7.0-rc3. Vulnerability arises when concurrent gate action replacement occurs during hrtimer callback or dump operations, creating a use-after-free scenario. No active exploitation confirmed (EPSS 0.02%, not in CISA KEV). Vendor patches available across multiple stable branches including 6.18.18, 6.19.8, and 7.0-rc3.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23244 HIGH PATCH This Week

A memory allocation vulnerability exists in the Linux kernel's NVMe Persistent Reservation implementation where the nvme_pr_read_keys() function fails to properly handle large num_keys values passed from userspace, resulting in excessive memory allocation attempts up to 4MB that trigger page allocator warnings and potential denial of service. This affects Linux kernel versions across multiple stable branches (6.5, 6.12.77, 6.18.17, 6.19.7, and 7.0-rc3) and requires local access with ioctl privileges to trigger. The vulnerability is addressed through replacement of kzalloc() with kvzalloc() to support larger allocations via vmalloc fallback, and patches are available across multiple kernel stable branches.

Linux Information Disclosure Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23243 HIGH PATCH This Week

A negative integer underflow vulnerability exists in the Linux kernel's RDMA/umad subsystem where the ib_umad_write function fails to validate user-controlled data_len calculations, allowing a mismatch between user MAD header size and RMPP header length to produce negative values. This negative data_len can propagate to ib_create_send_mad() and trigger an out-of-bounds memset in alloc_send_rmpp_list(), causing kernel memory corruption and denial of service. The vulnerability affects Linux kernel versions from 2.6.24 through multiple stable branches (5.10, 5.15, 6.1, 6.6, 6.12, 6.18, 6.19) and requires local access to RDMA user-mode interface to exploit, with patches available across multiple stable kernel versions as referenced in the git commits.

Linux Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23242 HIGH PATCH This Week

A null pointer dereference vulnerability exists in the Linux kernel's RDMA/siw (Software iWARP) module in the TCP receive data path handler. When siw_get_hdr() returns an error before initializing the receive FPDU context, the error handling code attempts to dereference qp->rx_fpdu without null checking, potentially causing a kernel panic and denial of service. The vulnerability affects multiple Linux kernel versions across stable branches (5.10, 5.15, 6.1, 6.6, 6.12, and others) and has been patched across numerous kernel releases.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-71267 MEDIUM PATCH This Month

A denial-of-service vulnerability exists in the Linux kernel's ntfs3 file system driver where a malformed NTFS image with a zero-sized ATTR_LIST attribute triggers an infinite loop during file system mount operations. The vulnerability affects Linux kernel versions across multiple stable branches (5.15, 6.1, 6.6, 6.12, 6.18, 6.19, and 7.0-rc1) and can cause the kernel to hang indefinitely, preventing normal system operation. An attacker can exploit this by providing a crafted NTFS image file that triggers the loop when mounted, requiring no special privileges and resulting in complete denial of service for affected systems.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71266 MEDIUM PATCH This Month

An infinite loop vulnerability exists in the Linux kernel's ntfs3 filesystem implementation that allows attackers to trigger a denial-of-service condition through malformed NTFS directory entries. A crafted dentry with the HAS_SUB_NODE flag and manipulated VCN pointer can cause the indx_find() function to repeatedly allocate 4 KB memory blocks without proper loop detection, leading to memory exhaustion and kernel out-of-memory crashes. The vulnerability affects multiple stable Linux kernel versions across 5.15, 6.1, 6.6, 6.12, 6.18, and 6.19 series, and patches have been released for all affected branches.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71265 MEDIUM PATCH This Month

An infinite loop vulnerability exists in the Linux kernel's NTFS3 file system implementation within the attr_load_runs_range() function, triggered by inconsistent metadata where an attribute header claims to be empty (evcn=-1) while directory entries reference it as containing actual data. This vulnerability affects Linux kernel versions across multiple stable branches (5.15, 6.1, 6.6, 6.12, 6.18, 6.19, and 7.0-rc1) and can be exploited by an attacker mounting a malformed NTFS image to cause a Denial-of-Service condition by inducing infinite CPU consumption in kernel space.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23241 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and listxattr() are missing from the audit read class.

Linux Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71239 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2() to change attributes class fchmodat2(), introduced in version 6.6 is currently not in the change attribute class of audit.

Linux Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31890 MEDIUM This Month

Silent event loss in Inspektor Gadget prior to 0.50.1 allows local attackers to cause denial of service by filling the 256KB ring-buffer, which triggers undetected data drops without alerting users or administrators. When the buffer becomes full, gadgets silently discard events and fail to report the loss count, potentially hiding critical system events from Kubernetes cluster and Linux host monitoring. A local attacker with limited privileges can exploit this to obscure malicious activity or system anomalies by saturating the instrumentation buffer.

Linux Kubernetes Denial Of Service Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-15038 This Week

An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL  request, potentially leading to a disclosure of kernel information or a system crash.

Linux
NVD VulDB
EPSS
0.0%
CVE-2025-15037 Monitor

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver.

Linux RCE Information Disclosure
NVD VulDB
EPSS
0.0%
CVE-2026-23240 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit.

Linux Information Disclosure Race Condition
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23239 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit.

Linux Information Disclosure Race Condition
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28494 NuGet HIGH PATCH This Week

High severity vulnerability in ImageMagick. A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption.

Linux Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-14027 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-28718 HIGH This Week

Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.

Linux Windows Denial Of Service Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28716 MEDIUM This Month

Improper authorization checks in Acronis Cyber Protect 17 (Linux, Windows) before build 41186 allow local authenticated users to access sensitive information and modify data. This medium-severity vulnerability requires local access and user privileges but poses no availability risk. No patch is currently available for this issue.

Linux Windows Information Disclosure Cyber Protect
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2026-28715 MEDIUM This Month

Improper authorization checks in Acronis Cyber Protect 17 (Linux and Windows) before build 41186 allow authenticated users to access sensitive information they should not have permission to view. An attacker with valid credentials can exploit this vulnerability to disclose confidential data without performing any additional actions. No patch is currently available for this medium-severity issue.

Linux Windows Information Disclosure Cyber Protect
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28710 CRITICAL Act Now

Improper authentication in Acronis Cyber Protect 17.

Linux Windows Information Disclosure Cyber Protect
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28709 MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows before build 41186 contains an authorization bypass that allows authenticated users to manipulate resources they should not have access to. The vulnerability requires valid credentials and network access but poses a moderate risk of unauthorized data modification within the affected environment.

Linux Windows Cyber Protect
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13350 This Week

Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two references; on Ubuntu Linux 6.8 (Noble Numbat) kernel tree, they have only the queue reference, so the buffer is freed while still reachable and subsequent queue walks dereference freed memory, yielding a reliable local privile...

Linux Ubuntu Use After Free Privilege Escalation Linux Kernel
NVD
EPSS
0.0%
CVE-2025-70616 HIGH POC This Week

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. [CVSS 7.8 HIGH]

Linux Buffer Overflow Denial Of Service Privilege Escalation Wnbios64.Sys
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25702 HIGH PATCH This Week

Improper access control in the Linux kernel affects SUSE Linux Enterprise Server 12 SP5, causing nftables firewall rules to become ineffective and allowing network traffic to bypass intended filtering policies. An unauthenticated remote attacker can exploit this vulnerability to circumvent firewall protections without user interaction. No patch is currently available for this vulnerability.

Linux Linux Enterprise Server Suse
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-29128 CRITICAL POC Act Now

Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.

IoT BGP Privilege Escalation Information Disclosure Credential Stuffing +2
NVD
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-29123 HIGH POC This Week

Local privilege escalation in IDC SFX2100 firmware affects Linux systems through a SUID binary vulnerable to PATH hijacking, symlink abuse, and shared object hijacking. A local attacker can exploit this to gain root-level privileges, and public exploit code is available. No patch is currently available to address this HIGH severity vulnerability.

Linux Privilege Escalation Sfx2100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23238 MEDIUM POC PATCH CISA This Month

The Linux kernel's romfs filesystem fails to validate the return value of sb_set_blocksize(), allowing a local attacker with user privileges to trigger a denial of service by mounting a romfs image on a loop device configured with an incompatible block size. Public exploit code exists for this vulnerability. The flaw causes the filesystem to proceed with an invalid superblock configuration, potentially leading to system crashes or filesystem corruption.

Linux Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23237 MEDIUM PATCH This Month

The Linux kernel's Classmate laptop driver lacks NULL pointer checks in sysfs attribute handlers, allowing local users to trigger a denial of service by accessing device attributes before driver initialization completes. A premature sysfs access can cause the driver to dereference a NULL pointer when retrieving uninitialized device data, crashing the affected system.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23236 HIGH PATCH CISA This Week

The Linux kernel fbdev smscufx driver fails to properly copy user-supplied data to kernel memory in the UFX_IOCTL_REPORT_DAMAGE ioctl handler, instead directly referencing userspace memory which can be manipulated or invalidated. A local attacker with appropriate privileges can exploit this to cause a denial of service by triggering kernel memory access violations or crashes. No patch is currently available for this medium-severity vulnerability.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-23235 HIGH PATCH This Week

Local privilege escalation in Linux kernel f2fs sysfs attributes allows unprivileged users to trigger out-of-bounds memory access and cause denial of service by writing oversized integer values to filesystem control interfaces. The vulnerability stems from improper bounds checking when mapping sysfs attributes to kernel structures of varying integer sizes, enabling attackers to corrupt kernel memory and crash the system. No patch is currently available for this vulnerability.

Linux Buffer Overflow Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23234 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's f2fs filesystem allows a local attacker with user privileges to trigger memory corruption and crash the system through a race condition between I/O completion and filesystem unmount operations. The vulnerability occurs when a loop device completes write operations concurrently with an unmount that frees filesystem structures still being accessed by pending I/O handlers. This issue has no available patch and requires kernel-level access to exploit.

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23233 HIGH POC PATCH This Week

F2FS swapfile memory corruption in Linux kernel 6.6+ allows local attackers with user privileges to cause data corruption through improper physical block mapping when using fragmented swapfiles smaller than the F2FS section size. Public exploit code exists for this vulnerability, and attackers can trigger dm-verity corruption errors or F2FS node corruption leading to system crashes and data loss. No patch is currently available.

Linux Google Buffer Overflow Memory Corruption Linux Kernel +3
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23232 MEDIUM PATCH This Month

A revert of a Linux kernel patch introduces a potential deadlock condition in the f2fs filesystem when concurrent write operations and checkpoint operations occur, allowing a local user with write permissions to cause a denial of service through system hang. The vulnerability affects the Linux kernel's f2fs module and requires low privileges to trigger. No patch is currently available to address this issue.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71238 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access in kernel mode [5353358.825195] #PF: error_code(0x0002) - not-present page [5353358.825196] PGD 100006067 P4D 0 [5353358.825198] Oops: 0002 [#1] PREEMPT SMP NOPTI [5353358.825200] CPU: 5 PID: 2132085 Comm: qlafwupdate.sub Kdump: loaded Tainted: G W L ------- --- 5.14.0-503.34.1.el9_5.x86_64 #1 [5353358.825203] Hardware name: HPE ProLiant DL360 Gen11/ProLiant DL360 Gen11, BIOS 2.44 01/17/2025 [5353358.825204] RIP: 0010:memcpy_erms+0x6/0x10 [5353358.825211] RSP: 0018:ff591da8f4f6b710 EFLAGS: 00010246 [5353358.825212] RAX: ff5f5e897b024000 RBX: 0000000000007090 RCX: 0000000000001000 [5353358.825213] RDX: 0000000000001000 RSI: ff591da8f4fed090 RDI: ff5f5e897b024000 [5353358.825214] RBP: 0000000000010000 R08: ff5f5e897b024000 R09: 0000000000000000 [5353358.825215] R10: ff46cf8c40517000 R11: 0000000000000001 R12: 0000000000008090 [5353358.825216] R13: ff591da8f4f6b720 R14: 0000000000001000 R15: 0000000000000000 [5353358.825218] FS: 00007f1e88d47740(0000) GS:ff46cf935f940000(0000) knlGS:0000000000000000 [5353358.825219] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [5353358.825220] CR2: ff5f5e897b024000 CR3: 0000000231532004 CR4: 0000000000771ef0 [5353358.825221] PKRU: 55555554 [5353358.825222] Call Trace: [5353358.825223] <TASK> [5353358.825224] ? show_trace_log_lvl+0x1c4/0x2df [5353358.825229] ? show_trace_log_lvl+0x1c4/0x2df [5353358.825232] ? sg_copy_buffer+0xc8/0x110 [5353358.825236] ? __die_body.cold+0x8/0xd [5353358.825238] ? page_fault_oops+0x134/0x170 [5353358.825242] ? kernelmode_fixup_or_oops+0x84/0x110 [5353358.825244] ? exc_page_fault+0xa8/0x150 [5353358.825247] ? asm_exc_page_fault+0x22/0x30 [5353358.825252] ? memcpy_erms+0x6/0x10 [5353358.825253] sg_copy_buffer+0xc8/0x110 [5353358.825259] qla2x00_process_vendor_specific+0x652/0x1320 [qla2xxx] [5353358.825317] qla24xx_bsg_request+0x1b2/0x2d0 [qla2xxx] Most routines in qla_bsg.c call bsg_done() only for success cases.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23231 HIGH POC PATCH CISA Act Now

A use-after-free vulnerability in the Linux kernel's netfilter nf_tables chain registration allows local attackers with user privileges to trigger memory corruption and cause a denial of service, potentially leading to privilege escalation. The flaw occurs when hook registration fails during chain addition, allowing concurrent operations to access freed memory without proper RCU synchronization. The vulnerability affects systems running vulnerable Linux kernels with netfilter enabled, and no patch is currently available.

Linux Use After Free Information Disclosure Memory Corruption
NVD VulDB Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
Threat
5.1
CVE-2026-3351 Go MEDIUM POC PATCH This Month

Canonical LXD 6.6 on Linux contains an authorization bypass in the GET /1.0/certificates API endpoint that allows authenticated users with restricted privileges to enumerate all certificate fingerprints trusted by the server. Public exploit code exists for this vulnerability. While this enables information disclosure with limited impact, it could facilitate further attacks by revealing trust relationships on the system.

Linux Lxd Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2751 HIGH This Week

Blind SQL injection in Centreon Web's Service Dependencies module allows authenticated attackers to extract sensitive database information through unsanitized array keys in deletion requests. This vulnerability affects Centreon Web versions before 25.10.8, 24.10.20, and 24.04.24 on Linux systems, requiring valid credentials but no user interaction to exploit. No patch is currently available, leaving affected deployments vulnerable to database reconnaissance and potential data exfiltration.

Linux SQLi Centreon Web
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-28372 HIGH POC PATCH This Week

Inetutils versions up to 2.7 is affected by inclusion of functionality from untrusted control sphere (CVSS 7.4).

Linux Privilege Escalation Inetutils
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-28208 Maven MEDIUM POC PATCH This Month

Junrar versions prior to 7.5.8 contain a path traversal vulnerability in LocalFolderExtractor that allows attackers to write arbitrary files to the filesystem when processing malicious RAR archives on Linux/Unix systems. Public exploit code exists for this vulnerability, which can facilitate remote code execution through file overwrite attacks such as modifying shell profiles or cron jobs. Users should upgrade to version 7.5.8 or later to remediate this issue.

Linux Java RCE Path Traversal Junrar +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-27975 CRITICAL PATCH Act Now

Unauthenticated remote code execution in Ajenti server admin panel before 2.2.13. Unauthenticated users can gain full server access. Patch available.

Linux Ajenti
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27884 MEDIUM This Month

NetExec's spider_plus module prior to version 1.5.1 fails to sanitize path traversal characters in SMB share filenames, allowing remote attackers to write or overwrite arbitrary files on Linux systems when the DOWNLOAD feature is enabled. The vulnerability requires user interaction to trigger the malicious SMB share crawl and currently has no available patch. Organizations using NetExec should disable the DOWNLOAD=true option as a temporary mitigation.

Linux Path Traversal
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20048 HIGH This Week

Improper SNMP request parsing in Cisco Nexus 9000 Series switches running ACI mode allows authenticated remote attackers to trigger kernel panics and device reloads by sending specially crafted queries to specific MIBs. An attacker with valid SNMP read-only community credentials can exploit this vulnerability across SNMP versions 1, 2c, and 3 to achieve denial of service. No patch is currently available for this vulnerability.

Cisco Linux SNMP Denial Of Service
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-33181 HIGH This Week

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 7.3 HIGH]

Linux Privilege Escalation Nvos Cumulus Linux
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-33180 HIGH This Week

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 8.0 HIGH]

Linux Privilege Escalation Nvos Cumulus Linux
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-33179 HIGH This Week

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 8.0 HIGH]

Linux Privilege Escalation Nvos Cumulus Linux
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-10010 MEDIUM This Month

Cryptopro Secure Disk contains a vulnerability that allows attackers to execute arbitrary code in the context of the root user and enables an attacker t (CVSS 6.8).

Linux RCE Cryptopro Secure Disk Windows Linux Kernel
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-2664 HIGH This Week

Local privilege escalation via out-of-bounds memory read in Docker Desktop's grpcfuse kernel module (versions up to 4.61.0) on Linux, Windows, and macOS allows authenticated local attackers to achieve complete system compromise through manipulation of /proc/docker entries. The vulnerability requires local access and valid user credentials but enables reading and modifying arbitrary kernel memory with high impact on confidentiality, integrity, and availability. Docker Desktop 4.62.0 and later resolve this issue.

Linux Windows macOS Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27212 npm HIGH POC PATCH This Week

Prototype pollution in Swiper versions 6.5.1 through 12.1.1 allows local authenticated attackers to manipulate Object.prototype through improperly validated user input, enabling authentication bypass, denial of service, and remote code execution. Public exploit code exists for this vulnerability, which affects applications on Linux and Windows using Node.js or Bun runtimes. A patch is available and should be applied immediately to affected systems processing untrusted input.

Linux Denial Of Service Authentication Bypass Swiper
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-27211 CRITICAL PATCH Act Now

Arbitrary host file exfiltration from Cloud Hypervisor VMM versions 34.0-50.0. CVSS 10.0. Patch available.

KVM Linux Information Disclosure Path Traversal Docker +2
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-30416 CRITICAL Act Now

Missing authorization in Acronis Cyber Protect 16 allows sensitive data access. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVSS 3.0
10.0
EPSS
0.0%
CVE-2025-30412 CRITICAL Act Now

Second improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVSS 3.0
10.0
EPSS
0.0%
CVE-2025-30411 CRITICAL Act Now

Improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVSS 3.0
10.0
EPSS
0.0%
CVE-2025-30410 CRITICAL Act Now

Missing authentication in Acronis Cyber Protect Cloud Agent (Linux, Windows, macOS).

Linux Windows macOS
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2026-26201 Go HIGH POC PATCH This Week

emp3r0r C2 framework versions prior to 3.21.2 crash due to unsynchronized concurrent map access in Go goroutines, allowing attackers with network access to trigger denial of service against the C2 infrastructure. Public exploit code exists for this vulnerability. The issue is resolved in version 3.21.2 and later.

Linux Golang Denial Of Service Emp3r0r Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-26030 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in Microsoft Semantic Kernel Python SDK before 1.39.4. Code injection in the AI orchestration framework. Patch available.

Microsoft Linux Python RCE AI / ML +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-1272 HIGH PATCH This Week

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. [CVSS 7.7 HIGH]

Linux Red Hat Suse Linux Kernel
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-23230 HIGH PATCH CISA This Week

Linux kernel SMB client denial of service vulnerability caused by concurrent bitfield updates in the cached_fid structure that can corrupt flag states through read-modify-write races. A local attacker with standard privileges can trigger this race condition to cause availability disruptions by forcing inconsistent flag states in cached file handle management. No patch is currently available for this medium-severity issue.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23229 MEDIUM PATCH CISA This Month

The Linux kernel's virtio-crypto driver lacks proper synchronization when handling virtqueue notifications from multiple processes, causing data corruption and system hangs when processing cryptographic operations concurrently. Local attackers with user privileges can trigger denial of service by running parallel crypto workloads, as demonstrated through multi-process OpenSSL benchmarks that expose race conditions in the virtcrypto_done_task() handler. No patch is currently available for this medium-severity vulnerability affecting systems running virtio-crypto with builtin backends.

Linux OpenSSL Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23228 MEDIUM PATCH CISA This Month

The Linux kernel ksmbd server leaks the active_num_conn counter when kthread_run() fails during TCP connection initialization, allowing local authenticated users to exhaust connection tracking resources and cause a denial of service. The vulnerability stems from improper cleanup that fails to decrement the counter when freeing the transport structure. No patch is currently available for this medium-severity issue.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23227 HIGH PATCH This Week

Use-after-free in Linux kernel's Exynos Virtual Display (drm/exynos vidi) driver allows local authenticated users to potentially execute arbitrary code, escalate privileges, or cause denial of service. The vulnerability stems from missing lock protection during concurrent memory allocation/deallocation operations in the vidi_context structure. EPSS score of 0.02% indicates low observed exploitation probability. Vendor patches available across multiple kernel stable branches.

Linux Use After Free Information Disclosure Samsung Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23226 HIGH PATCH This Week

The Linux kernel ksmbd subsystem contains a use-after-free vulnerability in multi-channel session handling due to missing synchronization on the ksmbd_chann_list xarray, allowing a local attacker with user privileges to cause memory corruption and potentially execute arbitrary code. The vulnerability affects the channel lookup and deletion operations between multiple concurrent sessions. A patch is available to add proper locking mechanisms to protect xarray access.

Linux Use After Free Memory Corruption Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23225 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code.

Linux Information Disclosure Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23224 HIGH PATCH This Week

The Linux kernel erofs file system contains a use-after-free vulnerability in direct I/O file-backed mount operations that allows local attackers with user privileges to cause memory corruption and potentially achieve code execution or denial of service. The vulnerability occurs when accessing files through the directio option, where freed memory is subsequently accessed during I/O operations. A patch is not currently available, making this a critical concern for systems running affected Linux kernel versions.

Linux Information Disclosure Memory Corruption Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23223 HIGH PATCH This Week

Use-after-free vulnerability in Linux kernel XFS subsystem allows local attackers with unprivileged access to cause memory corruption and potential privilege escalation through improper pointer dereferencing in the btree block owner checking function. The flaw stems from attempting to access freed memory due to incorrect temporal ordering of operations when determining cursor aliases. This vulnerability affects all Linux systems using XFS and currently lacks a patch.

Linux Information Disclosure Memory Corruption Use After Free Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23222 HIGH PATCH CISA This Week

Memory allocation errors in the Linux kernel's OMAP crypto driver cause scatterlist objects to be undersized by 4x, enabling local authenticated attackers to trigger denial of service conditions through memory corruption. An attacker with local access and user-level privileges can exploit this miscalculation to crash the system or cause unpredictable kernel behavior. No patch is currently available for this vulnerability.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23221 HIGH PATCH This Week

The Linux kernel's fsl-mc bus driver contains a use-after-free vulnerability in the driver_override_show() function that reads device configuration without proper locking, allowing a local privileged user to trigger memory corruption by concurrently modifying the same data. This vulnerability affects Linux systems running vulnerable kernel versions and could enable local denial of service or potential privilege escalation through heap memory manipulation. No patch is currently available for this issue.

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23220 MEDIUM PATCH CISA This Month

The Linux kernel's ksmbd SMB server implementation contains a denial-of-service vulnerability where failed signature verification on chained SMB2 requests causes an infinite loop due to improper state reset. A local or authenticated attacker can trigger this condition by sending a malformed signed request, causing the ksmbd process to hang and become unresponsive.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71237 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow that cause system hang When a user executes the FITRIM command, an underflow can occur when calculating nblocks if end_block is too small.

Linux Buffer Overflow Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71236 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature [154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete [154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3.

Linux Null Pointer Dereference Denial Of Service Microsoft Linux Kernel +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71235 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71234 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add The driver does not set hw->sta_data_size, which causes mac80211 to allocate insufficient space for driver private station data in __sta_info_alloc().

Linux Memory Corruption Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71233 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71232 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Free sp in error path to fix system crash System crash seen during load/unload test in a loop, [61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71231 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned.

Linux Information Disclosure Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-71230 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb->s_fs_info is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->s_fs_info.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71229 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() rtw_core_enable_beacon() reads 4 bytes from an address that is not a multiple of 4. This results in a crash on some systems.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23219 MEDIUM PATCH This Month

Memory allocation profiling in the Linux kernel fails to properly clear allocation tags during abort operations when CONFIG_MEM_ALLOC_PROFILING_DEBUG is enabled, allowing a local privileged user to trigger a denial of service through kernel warnings and potential system instability. The vulnerability affects the slab memory allocator's interaction with memcg abort handling and requires local access with elevated privileges to exploit. No patch is currently available for this medium-severity issue.

Linux Code Injection Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23218 MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's loongson-64bit GPIO driver allows local attackers with user privileges to cause a denial of service through an incorrect NULL check that fails to validate chip->irq.parents after memory allocation. The vulnerability affects Linux systems with Loongson GPIO hardware and requires no user interaction to trigger. No patch is currently available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23217 MEDIUM PATCH This Month

A deadlock vulnerability in the Linux kernel's RISC-V tracing subsystem allows local users with tracing privileges to hang the system by enabling ftrace snapshots on __sbi_ecall functions, causing recursive IPI interrupts that trigger infinite snapshot loops. This issue is particularly easy to exploit on RISC-V systems lacking the SSTC extension, where timer events automatically invoke SBI ecalls. The vulnerability requires local access and is only exploitable if tracing is enabled, making it a denial of service vector for systems with active kernel tracing.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23216 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's iSCSI target implementation allows local attackers with low privileges to cause memory corruption and potential denial of service by exploiting a race condition in the connection usage counting mechanism. The flaw occurs when a spinlock is released after calling complete(), allowing a waiting thread to free the connection structure before the current thread finishes its unlock operation. No patch is currently available for this vulnerability.

Linux Use After Free Memory Corruption Information Disclosure Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23215 MEDIUM PATCH This Month

The Linux kernel's VMware hypercall implementation improperly handles register state during mouse events, allowing local attackers with user privileges to trigger a denial of service through a kernel panic via crafted input to the vmmouse driver. The vulnerability stems from incomplete register preservation when the QEMU VMware mouse emulation clears the upper 32 bits of CPU registers containing kernel pointers. No patch is currently available for this medium-severity issue affecting Linux systems running on VMware or QEMU with vmmouse support.

Linux VMware Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23214 MEDIUM PATCH This Month

A denial of service vulnerability in the Linux kernel's btrfs filesystem allows local users with standard privileges to cause a system crash by triggering transaction aborts on read-only mounted filesystems. An attacker can exploit this by mounting a malformed btrfs filesystem with rescue options, causing the kernel to abort transactions with error handling failures during unmount. No patch is currently available for this medium-severity vulnerability.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23213 MEDIUM PATCH This Month

AMD GPU drivers on Linux systems fail to prevent MMIO register access during SMU Mode 1 reset, allowing incomplete PCIe transactions that can trigger NMI panics or system hangs. A local attacker with driver interaction capabilities could exploit this to cause a denial of service by accessing registers while the device is offline. The vulnerability affects Linux kernel implementations with AMD PM functionality and currently lacks an available patch.

Linux Information Disclosure Amd Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23212 MEDIUM PATCH This Month

A data-race condition in the Linux kernel bonding driver's slave->last_rx field can be accessed without proper synchronization, potentially causing a denial of service on systems using bonded network interfaces. Local attackers with limited privileges can trigger the race condition to cause system instability or crashes. A patch is not currently available, and exploitation requires specific timing conditions.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23211 MEDIUM PATCH This Month

Linux kernel swap handling can cause a kernel panic under heavy memory pressure when arch_prepare_to_swap fails due to read-only swap address space restrictions introduced in a prior commit. A local attacker with user privileges can trigger this denial of service condition during memory reclamation operations. No patch is currently available for this medium-severity vulnerability.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71227 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71225 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raid_disks via sysfs In raid1_reshape(), freeze_array() is called before modifying the r1bio memory pool (conf->r1bio_pool) and conf->raid_disks, and unfreeze_array() is called after the update is completed.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A race condition in the Linux kernel's perf_mmap() function creates a use-after-free vulnerability when concurrent threads attempt to access a ring buffer during failed memory mapping operations. The vulnerability affects Linux kernel versions across 6.18.17, 6.19.7, and 7.0-rc2, allowing a local attacker with standard user privileges to trigger refcount saturation warnings and potential kernel crashes via denial of service. This issue was discovered by Syzkaller fuzzing and has patches available across multiple stable kernel branches.

Linux Information Disclosure Use After Free +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

This vulnerability is an information disclosure issue in the Linux kernel's TCP implementation where the timestamp offset calculation was insufficiently randomized, allowing off-path attackers to leak TCP source ports via a SYN cookie side-channel attack. All Linux kernel versions from 4.11 onwards are affected, with confirmed vulnerable versions including Linux 6.18.17, 6.19.7, and 7.0-rc3. An attacker can exploit this to infer source port numbers used in TCP connections without being on the network path, which can facilitate further network-level attacks such as connection hijacking or targeted DoS.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A stack out-of-bounds write vulnerability exists in the Linux kernel's mac80211 WiFi subsystem in the ieee80211_ml_reconfiguration function, where the link_id parameter extracted from the ML Reconfiguration element is not properly bounds-checked before being used as an array index. The vulnerability affects Linux kernel versions across multiple release branches (6.5 through 7.0-rc2), allowing an attacker with network proximity to craft a malicious WiFi frame to trigger a buffer overflow and potentially cause denial of service or code execution. While no CVSS score or EPSS data is currently published, the vulnerability has been assigned EUVD-2026-12809 and patches are available across stable kernel branches.

Linux Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Race condition in Linux kernel's Traffic Control act_gate scheduler allows local authenticated users to trigger memory corruption and potentially execute arbitrary code or cause denial of service. Affects Linux kernel 5.8+ through 6.19.x and 7.0-rc3. Vulnerability arises when concurrent gate action replacement occurs during hrtimer callback or dump operations, creating a use-after-free scenario. No active exploitation confirmed (EPSS 0.02%, not in CISA KEV). Vendor patches available across multiple stable branches including 6.18.18, 6.19.8, and 7.0-rc3.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A memory allocation vulnerability exists in the Linux kernel's NVMe Persistent Reservation implementation where the nvme_pr_read_keys() function fails to properly handle large num_keys values passed from userspace, resulting in excessive memory allocation attempts up to 4MB that trigger page allocator warnings and potential denial of service. This affects Linux kernel versions across multiple stable branches (6.5, 6.12.77, 6.18.17, 6.19.7, and 7.0-rc3) and requires local access with ioctl privileges to trigger. The vulnerability is addressed through replacement of kzalloc() with kvzalloc() to support larger allocations via vmalloc fallback, and patches are available across multiple kernel stable branches.

Linux Information Disclosure Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A negative integer underflow vulnerability exists in the Linux kernel's RDMA/umad subsystem where the ib_umad_write function fails to validate user-controlled data_len calculations, allowing a mismatch between user MAD header size and RMPP header length to produce negative values. This negative data_len can propagate to ib_create_send_mad() and trigger an out-of-bounds memset in alloc_send_rmpp_list(), causing kernel memory corruption and denial of service. The vulnerability affects Linux kernel versions from 2.6.24 through multiple stable branches (5.10, 5.15, 6.1, 6.6, 6.12, 6.18, 6.19) and requires local access to RDMA user-mode interface to exploit, with patches available across multiple stable kernel versions as referenced in the git commits.

Linux Buffer Overflow Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A null pointer dereference vulnerability exists in the Linux kernel's RDMA/siw (Software iWARP) module in the TCP receive data path handler. When siw_get_hdr() returns an error before initializing the receive FPDU context, the error handling code attempts to dereference qp->rx_fpdu without null checking, potentially causing a kernel panic and denial of service. The vulnerability affects multiple Linux kernel versions across stable branches (5.10, 5.15, 6.1, 6.6, 6.12, and others) and has been patched across numerous kernel releases.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial-of-service vulnerability exists in the Linux kernel's ntfs3 file system driver where a malformed NTFS image with a zero-sized ATTR_LIST attribute triggers an infinite loop during file system mount operations. The vulnerability affects Linux kernel versions across multiple stable branches (5.15, 6.1, 6.6, 6.12, 6.18, 6.19, and 7.0-rc1) and can cause the kernel to hang indefinitely, preventing normal system operation. An attacker can exploit this by providing a crafted NTFS image file that triggers the loop when mounted, requiring no special privileges and resulting in complete denial of service for affected systems.

Linux Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An infinite loop vulnerability exists in the Linux kernel's ntfs3 filesystem implementation that allows attackers to trigger a denial-of-service condition through malformed NTFS directory entries. A crafted dentry with the HAS_SUB_NODE flag and manipulated VCN pointer can cause the indx_find() function to repeatedly allocate 4 KB memory blocks without proper loop detection, leading to memory exhaustion and kernel out-of-memory crashes. The vulnerability affects multiple stable Linux kernel versions across 5.15, 6.1, 6.6, 6.12, 6.18, and 6.19 series, and patches have been released for all affected branches.

Linux Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An infinite loop vulnerability exists in the Linux kernel's NTFS3 file system implementation within the attr_load_runs_range() function, triggered by inconsistent metadata where an attribute header claims to be empty (evcn=-1) while directory entries reference it as containing actual data. This vulnerability affects Linux kernel versions across multiple stable branches (5.15, 6.1, 6.6, 6.12, 6.18, 6.19, and 7.0-rc1) and can be exploited by an attacker mounting a malformed NTFS image to cause a Denial-of-Service condition by inducing infinite CPU consumption in kernel space.

Linux Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and listxattr() are missing from the audit read class.

Linux Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2() to change attributes class fchmodat2(), introduced in version 6.6 is currently not in the change attribute class of audit.

Linux Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Silent event loss in Inspektor Gadget prior to 0.50.1 allows local attackers to cause denial of service by filling the 256KB ring-buffer, which triggers undetected data drops without alerting users or administrators. When the buffer becomes full, gadgets silently discard events and fail to report the loss count, potentially hiding critical system events from Kubernetes cluster and Linux host monitoring. A local attacker with limited privileges can exploit this to obscure malicious activity or system anomalies by saturating the instrumentation buffer.

Linux Kubernetes Denial Of Service +1
NVD GitHub VulDB
EPSS 0%
This Week

An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL  request, potentially leading to a disclosure of kernel information or a system crash.

Linux
NVD VulDB
EPSS 0%
Monitor

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver.

Linux RCE Information Disclosure
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit.

Linux Information Disclosure Race Condition
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit.

Linux Information Disclosure Race Condition
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

High severity vulnerability in ImageMagick. A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption.

Linux Buffer Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.

Linux Windows Denial Of Service +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper authorization checks in Acronis Cyber Protect 17 (Linux, Windows) before build 41186 allow local authenticated users to access sensitive information and modify data. This medium-severity vulnerability requires local access and user privileges but poses no availability risk. No patch is currently available for this issue.

Linux Windows Information Disclosure +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper authorization checks in Acronis Cyber Protect 17 (Linux and Windows) before build 41186 allow authenticated users to access sensitive information they should not have permission to view. An attacker with valid credentials can exploit this vulnerability to disclose confidential data without performing any additional actions. No patch is currently available for this medium-severity issue.

Linux Windows Information Disclosure +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Improper authentication in Acronis Cyber Protect 17.

Linux Windows Information Disclosure +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows before build 41186 contains an authorization bypass that allows authenticated users to manipulate resources they should not have access to. The vulnerability requires valid credentials and network access but poses a moderate risk of unauthorized data modification within the affected environment.

Linux Windows Cyber Protect
NVD
EPSS 0%
This Week

Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two references; on Ubuntu Linux 6.8 (Noble Numbat) kernel tree, they have only the queue reference, so the buffer is freed while still reachable and subsequent queue walks dereference freed memory, yielding a reliable local privile...

Linux Ubuntu Use After Free +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. [CVSS 7.8 HIGH]

Linux Buffer Overflow Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Improper access control in the Linux kernel affects SUSE Linux Enterprise Server 12 SP5, causing nftables firewall rules to become ineffective and allowing network traffic to bypass intended filtering policies. An unauthenticated remote attacker can exploit this vulnerability to circumvent firewall protections without user interaction. No patch is currently available for this vulnerability.

Linux Linux Enterprise Server Suse
NVD
EPSS 0% CVSS 10.0
CRITICAL POC Act Now

Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.

IoT BGP Privilege Escalation +4
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Local privilege escalation in IDC SFX2100 firmware affects Linux systems through a SUID binary vulnerable to PATH hijacking, symlink abuse, and shared object hijacking. A local attacker can exploit this to gain root-level privileges, and public exploit code is available. No patch is currently available to address this HIGH severity vulnerability.

Linux Privilege Escalation Sfx2100 Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The Linux kernel's romfs filesystem fails to validate the return value of sb_set_blocksize(), allowing a local attacker with user privileges to trigger a denial of service by mounting a romfs image on a loop device configured with an incompatible block size. Public exploit code exists for this vulnerability. The flaw causes the filesystem to proceed with an invalid superblock configuration, potentially leading to system crashes or filesystem corruption.

Linux Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's Classmate laptop driver lacks NULL pointer checks in sysfs attribute handlers, allowing local users to trigger a denial of service by accessing device attributes before driver initialization completes. A premature sysfs access can cause the driver to dereference a NULL pointer when retrieving uninitialized device data, crashing the affected system.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

The Linux kernel fbdev smscufx driver fails to properly copy user-supplied data to kernel memory in the UFX_IOCTL_REPORT_DAMAGE ioctl handler, instead directly referencing userspace memory which can be manipulated or invalidated. A local attacker with appropriate privileges can exploit this to cause a denial of service by triggering kernel memory access violations or crashes. No patch is currently available for this medium-severity vulnerability.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Local privilege escalation in Linux kernel f2fs sysfs attributes allows unprivileged users to trigger out-of-bounds memory access and cause denial of service by writing oversized integer values to filesystem control interfaces. The vulnerability stems from improper bounds checking when mapping sysfs attributes to kernel structures of varying integer sizes, enabling attackers to corrupt kernel memory and crash the system. No patch is currently available for this vulnerability.

Linux Buffer Overflow Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's f2fs filesystem allows a local attacker with user privileges to trigger memory corruption and crash the system through a race condition between I/O completion and filesystem unmount operations. The vulnerability occurs when a loop device completes write operations concurrently with an unmount that frees filesystem structures still being accessed by pending I/O handlers. This issue has no available patch and requires kernel-level access to exploit.

Linux Use After Free Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

F2FS swapfile memory corruption in Linux kernel 6.6+ allows local attackers with user privileges to cause data corruption through improper physical block mapping when using fragmented swapfiles smaller than the F2FS section size. Public exploit code exists for this vulnerability, and attackers can trigger dm-verity corruption errors or F2FS node corruption leading to system crashes and data loss. No patch is currently available.

Linux Google Buffer Overflow +5
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A revert of a Linux kernel patch introduces a potential deadlock condition in the f2fs filesystem when concurrent write operations and checkpoint operations occur, allowing a local user with write permissions to cause a denial of service through system hang. The vulnerability affects the Linux kernel's f2fs module and requires low privileges to trigger. No patch is currently available to address this issue.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access in kernel mode [5353358.825195] #PF: error_code(0x0002) - not-present page [5353358.825196] PGD 100006067 P4D 0 [5353358.825198] Oops: 0002 [#1] PREEMPT SMP NOPTI [5353358.825200] CPU: 5 PID: 2132085 Comm: qlafwupdate.sub Kdump: loaded Tainted: G W L ------- --- 5.14.0-503.34.1.el9_5.x86_64 #1 [5353358.825203] Hardware name: HPE ProLiant DL360 Gen11/ProLiant DL360 Gen11, BIOS 2.44 01/17/2025 [5353358.825204] RIP: 0010:memcpy_erms+0x6/0x10 [5353358.825211] RSP: 0018:ff591da8f4f6b710 EFLAGS: 00010246 [5353358.825212] RAX: ff5f5e897b024000 RBX: 0000000000007090 RCX: 0000000000001000 [5353358.825213] RDX: 0000000000001000 RSI: ff591da8f4fed090 RDI: ff5f5e897b024000 [5353358.825214] RBP: 0000000000010000 R08: ff5f5e897b024000 R09: 0000000000000000 [5353358.825215] R10: ff46cf8c40517000 R11: 0000000000000001 R12: 0000000000008090 [5353358.825216] R13: ff591da8f4f6b720 R14: 0000000000001000 R15: 0000000000000000 [5353358.825218] FS: 00007f1e88d47740(0000) GS:ff46cf935f940000(0000) knlGS:0000000000000000 [5353358.825219] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [5353358.825220] CR2: ff5f5e897b024000 CR3: 0000000231532004 CR4: 0000000000771ef0 [5353358.825221] PKRU: 55555554 [5353358.825222] Call Trace: [5353358.825223] <TASK> [5353358.825224] ? show_trace_log_lvl+0x1c4/0x2df [5353358.825229] ? show_trace_log_lvl+0x1c4/0x2df [5353358.825232] ? sg_copy_buffer+0xc8/0x110 [5353358.825236] ? __die_body.cold+0x8/0xd [5353358.825238] ? page_fault_oops+0x134/0x170 [5353358.825242] ? kernelmode_fixup_or_oops+0x84/0x110 [5353358.825244] ? exc_page_fault+0xa8/0x150 [5353358.825247] ? asm_exc_page_fault+0x22/0x30 [5353358.825252] ? memcpy_erms+0x6/0x10 [5353358.825253] sg_copy_buffer+0xc8/0x110 [5353358.825259] qla2x00_process_vendor_specific+0x652/0x1320 [qla2xxx] [5353358.825317] qla24xx_bsg_request+0x1b2/0x2d0 [qla2xxx] Most routines in qla_bsg.c call bsg_done() only for success cases.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% 5.1 CVSS 7.8
HIGH POC PATCH Act Now

A use-after-free vulnerability in the Linux kernel's netfilter nf_tables chain registration allows local attackers with user privileges to trigger memory corruption and cause a denial of service, potentially leading to privilege escalation. The flaw occurs when hook registration fails during chain addition, allowing concurrent operations to access freed memory without proper RCU synchronization. The vulnerability affects systems running vulnerable Linux kernels with netfilter enabled, and no patch is currently available.

Linux Use After Free Information Disclosure +1
NVD VulDB Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Canonical LXD 6.6 on Linux contains an authorization bypass in the GET /1.0/certificates API endpoint that allows authenticated users with restricted privileges to enumerate all certificate fingerprints trusted by the server. Public exploit code exists for this vulnerability. While this enables information disclosure with limited impact, it could facilitate further attacks by revealing trust relationships on the system.

Linux Lxd Suse
NVD GitHub
EPSS 0% CVSS 8.3
HIGH This Week

Blind SQL injection in Centreon Web's Service Dependencies module allows authenticated attackers to extract sensitive database information through unsanitized array keys in deletion requests. This vulnerability affects Centreon Web versions before 25.10.8, 24.10.20, and 24.04.24 on Linux systems, requiring valid credentials but no user interaction to exploit. No patch is currently available, leaving affected deployments vulnerable to database reconnaissance and potential data exfiltration.

Linux SQLi Centreon Web
NVD
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

Inetutils versions up to 2.7 is affected by inclusion of functionality from untrusted control sphere (CVSS 7.4).

Linux Privilege Escalation Inetutils
NVD
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Junrar versions prior to 7.5.8 contain a path traversal vulnerability in LocalFolderExtractor that allows attackers to write arbitrary files to the filesystem when processing malicious RAR archives on Linux/Unix systems. Public exploit code exists for this vulnerability, which can facilitate remote code execution through file overwrite attacks such as modifying shell profiles or cron jobs. Users should upgrade to version 7.5.8 or later to remediate this issue.

Linux Java RCE +3
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated remote code execution in Ajenti server admin panel before 2.2.13. Unauthenticated users can gain full server access. Patch available.

Linux Ajenti
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

NetExec's spider_plus module prior to version 1.5.1 fails to sanitize path traversal characters in SMB share filenames, allowing remote attackers to write or overwrite arbitrary files on Linux systems when the DOWNLOAD feature is enabled. The vulnerability requires user interaction to trigger the malicious SMB share crawl and currently has no available patch. Organizations using NetExec should disable the DOWNLOAD=true option as a temporary mitigation.

Linux Path Traversal
NVD GitHub
EPSS 0% CVSS 7.7
HIGH This Week

Improper SNMP request parsing in Cisco Nexus 9000 Series switches running ACI mode allows authenticated remote attackers to trigger kernel panics and device reloads by sending specially crafted queries to specific MIBs. An attacker with valid SNMP read-only community credentials can exploit this vulnerability across SNMP versions 1, 2c, and 3 to achieve denial of service. No patch is currently available for this vulnerability.

Cisco Linux SNMP +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 7.3 HIGH]

Linux Privilege Escalation Nvos +1
NVD
EPSS 0% CVSS 8.0
HIGH This Week

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 8.0 HIGH]

Linux Privilege Escalation Nvos +1
NVD
EPSS 0% CVSS 8.0
HIGH This Week

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 8.0 HIGH]

Linux Privilege Escalation Nvos +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cryptopro Secure Disk contains a vulnerability that allows attackers to execute arbitrary code in the context of the root user and enables an attacker t (CVSS 6.8).

Linux RCE Cryptopro Secure Disk +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation via out-of-bounds memory read in Docker Desktop's grpcfuse kernel module (versions up to 4.61.0) on Linux, Windows, and macOS allows authenticated local attackers to achieve complete system compromise through manipulation of /proc/docker entries. The vulnerability requires local access and valid user credentials but enables reading and modifying arbitrary kernel memory with high impact on confidentiality, integrity, and availability. Docker Desktop 4.62.0 and later resolve this issue.

Linux Windows macOS +2
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Prototype pollution in Swiper versions 6.5.1 through 12.1.1 allows local authenticated attackers to manipulate Object.prototype through improperly validated user input, enabling authentication bypass, denial of service, and remote code execution. Public exploit code exists for this vulnerability, which affects applications on Linux and Windows using Node.js or Bun runtimes. A patch is available and should be applied immediately to affected systems processing untrusted input.

Linux Denial Of Service Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Arbitrary host file exfiltration from Cloud Hypervisor VMM versions 34.0-50.0. CVSS 10.0. Patch available.

KVM Linux Information Disclosure +4
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Missing authorization in Acronis Cyber Protect 16 allows sensitive data access. CVSS 10.0.

Linux Windows Cyber Protect
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Second improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Missing authentication in Acronis Cyber Protect Cloud Agent (Linux, Windows, macOS).

Linux Windows macOS
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

emp3r0r C2 framework versions prior to 3.21.2 crash due to unsynchronized concurrent map access in Go goroutines, allowing attackers with network access to trigger denial of service against the C2 infrastructure. Public exploit code exists for this vulnerability. The issue is resolved in version 3.21.2 and later.

Linux Golang Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution in Microsoft Semantic Kernel Python SDK before 1.39.4. Code injection in the AI orchestration framework. Patch available.

Microsoft Linux Python +3
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. [CVSS 7.7 HIGH]

Linux Red Hat Suse +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Linux kernel SMB client denial of service vulnerability caused by concurrent bitfield updates in the cached_fid structure that can corrupt flag states through read-modify-write races. A local attacker with standard privileges can trigger this race condition to cause availability disruptions by forcing inconsistent flag states in cached file handle management. No patch is currently available for this medium-severity issue.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's virtio-crypto driver lacks proper synchronization when handling virtqueue notifications from multiple processes, causing data corruption and system hangs when processing cryptographic operations concurrently. Local attackers with user privileges can trigger denial of service by running parallel crypto workloads, as demonstrated through multi-process OpenSSL benchmarks that expose race conditions in the virtcrypto_done_task() handler. No patch is currently available for this medium-severity vulnerability affecting systems running virtio-crypto with builtin backends.

Linux OpenSSL Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel ksmbd server leaks the active_num_conn counter when kthread_run() fails during TCP connection initialization, allowing local authenticated users to exhaust connection tracking resources and cause a denial of service. The vulnerability stems from improper cleanup that fails to decrement the counter when freeing the transport structure. No patch is currently available for this medium-severity issue.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel's Exynos Virtual Display (drm/exynos vidi) driver allows local authenticated users to potentially execute arbitrary code, escalate privileges, or cause denial of service. The vulnerability stems from missing lock protection during concurrent memory allocation/deallocation operations in the vidi_context structure. EPSS score of 0.02% indicates low observed exploitation probability. Vendor patches available across multiple kernel stable branches.

Linux Use After Free Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The Linux kernel ksmbd subsystem contains a use-after-free vulnerability in multi-channel session handling due to missing synchronization on the ksmbd_chann_list xarray, allowing a local attacker with user privileges to cause memory corruption and potentially execute arbitrary code. The vulnerability affects the channel lookup and deletion operations between multiple concurrent sessions. A patch is available to add proper locking mechanisms to protect xarray access.

Linux Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code.

Linux Information Disclosure Red Hat +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Linux kernel erofs file system contains a use-after-free vulnerability in direct I/O file-backed mount operations that allows local attackers with user privileges to cause memory corruption and potentially achieve code execution or denial of service. The vulnerability occurs when accessing files through the directio option, where freed memory is subsequently accessed during I/O operations. A patch is not currently available, making this a critical concern for systems running affected Linux kernel versions.

Linux Information Disclosure Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in Linux kernel XFS subsystem allows local attackers with unprivileged access to cause memory corruption and potential privilege escalation through improper pointer dereferencing in the btree block owner checking function. The flaw stems from attempting to access freed memory due to incorrect temporal ordering of operations when determining cursor aliases. This vulnerability affects all Linux systems using XFS and currently lacks a patch.

Linux Information Disclosure Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory allocation errors in the Linux kernel's OMAP crypto driver cause scatterlist objects to be undersized by 4x, enabling local authenticated attackers to trigger denial of service conditions through memory corruption. An attacker with local access and user-level privileges can exploit this miscalculation to crash the system or cause unpredictable kernel behavior. No patch is currently available for this vulnerability.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Linux kernel's fsl-mc bus driver contains a use-after-free vulnerability in the driver_override_show() function that reads device configuration without proper locking, allowing a local privileged user to trigger memory corruption by concurrently modifying the same data. This vulnerability affects Linux systems running vulnerable kernel versions and could enable local denial of service or potential privilege escalation through heap memory manipulation. No patch is currently available for this issue.

Linux Use After Free Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's ksmbd SMB server implementation contains a denial-of-service vulnerability where failed signature verification on chained SMB2 requests causes an infinite loop due to improper state reset. A local or authenticated attacker can trigger this condition by sending a malformed signed request, causing the ksmbd process to hang and become unresponsive.

Linux Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow that cause system hang When a user executes the FITRIM command, an underflow can occur when calculating nblocks if end_block is too small.

Linux Buffer Overflow Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature [154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete [154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3.

Linux Null Pointer Dereference Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop.

Linux Denial Of Service Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add The driver does not set hw->sta_data_size, which causes mac80211 to allocate insufficient space for driver private station data in __sta_info_alloc().

Linux Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Free sp in error path to fix system crash System crash seen during load/unload test in a loop, [61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X.

Linux Denial Of Service Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned.

Linux Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb->s_fs_info is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->s_fs_info.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() rtw_core_enable_beacon() reads 4 bytes from an address that is not a multiple of 4. This results in a crash on some systems.

Linux Denial Of Service Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory allocation profiling in the Linux kernel fails to properly clear allocation tags during abort operations when CONFIG_MEM_ALLOC_PROFILING_DEBUG is enabled, allowing a local privileged user to trigger a denial of service through kernel warnings and potential system instability. The vulnerability affects the slab memory allocator's interaction with memcg abort handling and requires local access with elevated privileges to exploit. No patch is currently available for this medium-severity issue.

Linux Code Injection Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's loongson-64bit GPIO driver allows local attackers with user privileges to cause a denial of service through an incorrect NULL check that fails to validate chip->irq.parents after memory allocation. The vulnerability affects Linux systems with Loongson GPIO hardware and requires no user interaction to trigger. No patch is currently available.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A deadlock vulnerability in the Linux kernel's RISC-V tracing subsystem allows local users with tracing privileges to hang the system by enabling ftrace snapshots on __sbi_ecall functions, causing recursive IPI interrupts that trigger infinite snapshot loops. This issue is particularly easy to exploit on RISC-V systems lacking the SSTC extension, where timer events automatically invoke SBI ecalls. The vulnerability requires local access and is only exploitable if tracing is enabled, making it a denial of service vector for systems with active kernel tracing.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's iSCSI target implementation allows local attackers with low privileges to cause memory corruption and potential denial of service by exploiting a race condition in the connection usage counting mechanism. The flaw occurs when a spinlock is released after calling complete(), allowing a waiting thread to free the connection structure before the current thread finishes its unlock operation. No patch is currently available for this vulnerability.

Linux Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's VMware hypercall implementation improperly handles register state during mouse events, allowing local attackers with user privileges to trigger a denial of service through a kernel panic via crafted input to the vmmouse driver. The vulnerability stems from incomplete register preservation when the QEMU VMware mouse emulation clears the upper 32 bits of CPU registers containing kernel pointers. No patch is currently available for this medium-severity issue affecting Linux systems running on VMware or QEMU with vmmouse support.

Linux VMware Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial of service vulnerability in the Linux kernel's btrfs filesystem allows local users with standard privileges to cause a system crash by triggering transaction aborts on read-only mounted filesystems. An attacker can exploit this by mounting a malformed btrfs filesystem with rescue options, causing the kernel to abort transactions with error handling failures during unmount. No patch is currently available for this medium-severity vulnerability.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

AMD GPU drivers on Linux systems fail to prevent MMIO register access during SMU Mode 1 reset, allowing incomplete PCIe transactions that can trigger NMI panics or system hangs. A local attacker with driver interaction capabilities could exploit this to cause a denial of service by accessing registers while the device is offline. The vulnerability affects Linux kernel implementations with AMD PM functionality and currently lacks an available patch.

Linux Information Disclosure Amd +3
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A data-race condition in the Linux kernel bonding driver's slave->last_rx field can be accessed without proper synchronization, potentially causing a denial of service on systems using bonded network interfaces. Local attackers with limited privileges can trigger the race condition to cause system instability or crashes. A patch is not currently available, and exploitation requires specific timing conditions.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel swap handling can cause a kernel panic under heavy memory pressure when arch_prepare_to_swap fails due to read-only swap address space restrictions introduced in a prior commit. A local attacker with user privileges can trigger this denial of service condition during memory reclamation operations. No patch is currently available for this medium-severity vulnerability.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raid_disks via sysfs In raid1_reshape(), freeze_array() is called before modifying the r1bio memory pool (conf->r1bio_pool) and conf->raid_disks, and unfreeze_array() is called after the update is completed.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
Prev Page 25 of 143 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy