VYPR

Kernel

by Linux

Source repositories

CVEs (15,818)

  • CVE-2026-43407CriMay 8, 2026
    risk 0.52cvss 9.1epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() This patch fixes an out-of-bounds access in ceph_handle_auth_reply() that can be triggered by a message of type CEPH_MSG_AUTH_REPLY. In…

  • CVE-2026-43406CriMay 8, 2026
    risk 0.52cvss 9.1epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in process_message_header() If the message frame is (maliciously) corrupted in a way that the length of the control segment ends up being less than the size of…

  • CVE-2026-43197CriMay 6, 2026
    risk 0.52cvss 9.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netconsole: avoid OOB reads, msg is not nul-terminated msg passed to netconsole from the console subsystem is not guaranteed to be nul-terminated. Before recent commit 7eab73b18630 ("netconsole: convert to…

  • CVE-2026-43117CriMay 6, 2026
    risk 0.52cvss 9.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() If overlay is used on top of btrfs, dentry->d_sb translates to overlay's super block and fsid assignment will lead to a crash. …

  • CVE-2026-43083CriMay 6, 2026
    risk 0.52cvss 9.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: ioam6: fix OOB and missing lock When trace->type.bit6 is set: if (trace->type.bit6) { ... queue = skb_get_tx_queue(dev, skb); qdisc = rcu_dereference(queue->qdisc); This code…

  • CVE-2026-43071CriMay 5, 2026
    risk 0.52cvss 9.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: dcache: Limit the minimal number of bucket to two There is an OOB read problem on dentry_hashtable when user sets 'dhash_entries=1': BUG: unable to handle page fault for address: ffff888b30b774b0 #PF:…

  • CVE-2026-31682CriApr 25, 2026
    risk 0.52cvss 9.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: linearize skb before parsing ND options br_nd_send() parses neighbour discovery options from ns->opt[] and assumes that these options are in the linear part of request. Its callers only…

  • CVE-2026-31636CriApr 24, 2026
    risk 0.52cvss 9.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth_len bytes into a temporary buffer and then passes p + auth_len as the parser limit to rxgk_do_verify_authenticator().…

  • CVE-2026-23455CriApr 3, 2026
    risk 0.52cvss 9.1epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() In DecodeQ931(), the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip the protocol discriminator…

  • CVE-2022-50386HigSep 18, 2025
    risk 0.52cvss 8.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2cap_chan_hold_unless_zero() after calling __l2cap_get_chan_blah() to prevent the following trace: Bluetooth: l2cap_core.c:static void…

  • CVE-2023-52832CriMay 21, 2024
    risk 0.52cvss 9.1epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns the INT_MIN value mac80211 internally uses for "unset power level". UBSAN:…

  • CVE-2024-26594HigFeb 23, 2024
    risk 0.52cvss 7.1epss 0.78

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid.

  • CVE-2023-52434HigFeb 20, 2024
    risk 0.52cvss 8.0epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create…

  • CVE-2021-4157HigMar 25, 2022
    risk 0.52cvss 8.0epss 0.02

    An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate…

  • CVE-2018-16884HigDec 18, 2018
    risk 0.52cvss 8.0epss 0.01

    A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel…

  • CVE-2017-1000364HigJun 19, 2017
    risk 0.52cvss 7.4epss 0.05

    An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was…

  • CVE-2026-23239HigMar 10, 2026
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit. After cancel_work_sync() is called from espintcp_close(), espintcp_tx_work() can still be scheduled from paths…

  • CVE-2026-23227HigFeb 18, 2026
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free Exynos Virtual Display driver performs memory alloc/free operations without lock protection, which…

  • CVE-2026-23225HigFeb 18, 2026
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code. CPU0 CPU1 T1 runs in…

  • CVE-2026-23224HigFeb 18, 2026
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: erofs: fix UAF issue for file-backed mounts w/ directio option [ 9.269940][ T3222] Call trace: [ 9.269948][ T3222] ext4_file_read_iter+0xac/0x108 [ 9.269979][ T3222] vfs_iocb_iter_read+0xac/0x198 [ …

Page 13 of 791