CVE-2026-53198
- EPSS 0.47%
- Veröffentlicht 25.06.2026 08:39:07
- Zuletzt bearbeitet 06.07.2026 12:32:35
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL A deferred byte-range lock (an SMB2_LOCK that blocks) registers an async work on conn->async_requests via se...
CVE-2026-53196
- EPSS 0.28%
- Veröffentlicht 25.06.2026 08:39:06
- Zuletzt bearbeitet 06.07.2026 12:35:18
In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_ti: fix heap overflow in get_manuf_info() get_manuf_info() reads le16_to_cpu(rom_desc->Size) bytes from the device I2C EEPROM into a buffer allocated with kmalloc_o...
CVE-2026-53195
- EPSS 0.15%
- Veröffentlicht 25.06.2026 08:39:05
- Zuletzt bearbeitet 06.07.2026 12:36:28
In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr() build_i2c_fw_hdr() allocates a fixed-size buffer of (16*1024 - 512) + sizeof(struct ti_i2c_firmware_rec) bytes, then cop...
CVE-2026-53194
- EPSS 0.15%
- Veröffentlicht 25.06.2026 08:39:05
- Zuletzt bearbeitet 06.07.2026 12:36:52
In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi_105_prepare_write_buffer() is called by the generic write path with the bulk-out buffer and its size (bulk_out_size, 64 b...
CVE-2026-53192
- EPSS 0.13%
- Veröffentlicht 25.06.2026 08:39:03
- Zuletzt bearbeitet 06.07.2026 12:37:12
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at snd_timer_user_params() At releasing a timer object, e.g. when a userspace timer (CONFIG_SND_UTIMER) gets closed and snd_timer_free() is called, it tries to...
CVE-2026-53189
- EPSS 0.14%
- Veröffentlicht 25.06.2026 08:39:01
- Zuletzt bearbeitet 06.07.2026 12:38:16
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: update file PMD counter before folio_put() __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio_...
CVE-2026-53186
- EPSS 0.54%
- Veröffentlicht 25.06.2026 08:38:59
- Zuletzt bearbeitet 06.07.2026 12:41:25
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRP_RSP sense copy by the received length srp_process_rsp() copies sense data from rsp->data + resp_data_len, where resp_data_len is the full 32-bit value supplied ...
CVE-2026-53185
- EPSS 0.1%
- Veröffentlicht 25.06.2026 08:38:58
- Zuletzt bearbeitet 06.07.2026 12:41:41
In the Linux kernel, the following vulnerability has been resolved: zram: fix use-after-free in zram_bvec_write_partial() zram_read_page() picks the sync or async backing device read path based on whether the parent bio is NULL. zram_bvec_write_pa...
CVE-2026-53184
- EPSS 0.51%
- Veröffentlicht 25.06.2026 08:38:58
- Zuletzt bearbeitet 06.07.2026 12:41:51
In the Linux kernel, the following vulnerability has been resolved: udp: clear skb->dev before running a sockmap verdict On the UDP receive path skb->dev is repurposed as dev_scratch (the truesize/state cache set by udp_set_dev_scratch()), through ...
CVE-2026-53183
- EPSS 0.51%
- Veröffentlicht 25.06.2026 08:38:57
- Zuletzt bearbeitet 06.07.2026 12:42:47
In the Linux kernel, the following vulnerability has been resolved: mptcp: allow subflow rcv wnd to shrink In MPTCP connection, the `window` field in the TCP header refers to the MPTCP-level rcv_nxt and it's right edge should not move backward. Suc...