7.8

CVSS3.1

CVE-2024-26852 - net/ipv6: avoid possible UAF in ip6_route_mpath_notify()

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ip6_route_mpath_notify") was not able to fix …

πŸ“… Published: April 17, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 8:57 a.m.

6

CVSS3.1

CVE-2024-26843 - efi: runtime: Fix potential overflow of soft-reserved region size

In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential overflow of soft-reserved region size md_size will have been narrowed if we have >= 4GB worth of pages in a soft-reserved region.

πŸ“… Published: April 17, 2024, midnight πŸ”„ Last Modified: May 21, 2025, 9:12 a.m.

5.5

CVSS3.1

CVE-2024-26839 - IB/hfi1: Fix a memleak in init_credit_return

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix a memleak in init_credit_return When dma_alloc_coherent fails to allocate dd->cr_base[i].va, init_credit_return should deallocate dd->cr_base and dd->cr_base[i] that allocated before. Or those resources would be neve…

πŸ“… Published: April 17, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 8:57 a.m.

7.8

CVSS3.1

CVE-2024-26836 - platform/x86: think-lmi: Fix password opcode ordering for workstations

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be run before the attribute value is changed (if Admin password is enabled). Tested on some Thinkpads …

πŸ“… Published: April 17, 2024, midnight πŸ”„ Last Modified: Nov. 25, 2025, 5:29 p.m.

5.5

CVSS3.1

CVE-2024-26834 - netfilter: nft_flow_offload: release dst in case direct xmit path is used

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: release dst in case direct xmit path is used Direct xmit does not use it since it calls dev_queue_xmit() to send packets, hence it calls dst_release(). kmemleak reports: unreferenced object 0xffff88…

πŸ“… Published: April 17, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 8:57 a.m.

6.7

CVSS3.1

CVE-2024-26828 - cifs: fix underflow in parse_server_interfaces()

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type …

πŸ“… Published: April 17, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 8:57 a.m.

5.5

CVSS3.1

CVE-2024-26825 - nfc: nci: free rx_data_reassembly skb on NCI device cleanup

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassembly skb on NCI device cleanup rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet…

πŸ“… Published: April 17, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 8:57 a.m.

5.5

CVSS3.1

CVE-2024-26845 - scsi: target: core: Add TMF to tmr_list handling

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Add TMF to tmr_list handling An abort that is responded to by iSCSI itself is added to tmr_list but does not go to target core. A LUN_RESET that goes through tmr_list takes a refcounter on the abort and waits …

πŸ“… Published: April 17, 2024, midnight πŸ”„ Last Modified: Jan. 5, 2026, 11:16 a.m.

4.6

CVSS3.1

CVE-2024-32746 -

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module.

πŸ“… Published: April 17, 2024, midnight πŸ”„ Last Modified: April 11, 2025, 2:48 p.m.

5.5

CVSS3.1

CVE-2024-26877 - crypto: xilinx - call finalize with bh disabled

In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 74 at cry…

πŸ“… Published: April 17, 2024, midnight πŸ”„ Last Modified: Dec. 23, 2025, 7:06 p.m.
Total resulsts: 349182
Page 10247 of 34,919
Β« previous page Β» next page
Filters