CVE-2026-53161
- EPSS 0.14%
- Veröffentlicht 25.06.2026 08:38:42
- Zuletzt bearbeitet 06.07.2026 16:42:02
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free of fastrpc_user in workqueue context There is a race between fastrpc_device_release() and the workqueue that processes DSP responses. When the use...
CVE-2026-53160
- EPSS 0.13%
- Veröffentlicht 25.06.2026 08:38:42
- Zuletzt bearbeitet 06.07.2026 16:41:56
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpc_map_create fastrpc_map_lookup returns a raw pointer after releasing fl->lock. The caller fastrpc_map_create then calls fastrpc_map...
CVE-2026-53159
- EPSS 0.12%
- Veröffentlicht 25.06.2026 08:38:41
- Zuletzt bearbeitet 07.07.2026 18:28:37
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find_vma misuse fastrpc_get_args() uses find_vma() to look up the VMA for a user-provided pointer and compute a DMA address offset....
CVE-2026-53158
- EPSS 0.12%
- Veröffentlicht 25.06.2026 08:38:40
- Zuletzt bearbeitet 07.07.2026 18:51:08
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix NULL pointer dereference in rpmsg callback A NULL pointer dereference was observed on Hawi at boot when the DSP sends a glink message before fastrpc_rpmsg_probe(...
CVE-2026-53157
- EPSS 0.14%
- Veröffentlicht 25.06.2026 08:38:40
- Zuletzt bearbeitet 07.07.2026 18:54:28
In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonet_device after RCU grace period phonet_device_destroy() removes a phonet_device from the per-net device list with list_del_rcu(), but frees it immediately. R...
CVE-2026-53156
- EPSS 0.13%
- Veröffentlicht 25.06.2026 08:38:39
- Zuletzt bearbeitet 06.07.2026 16:41:14
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix use-after-free bugs in error paths Fix several instances of error paths in which we call __nvmem_device_put() - which may end up freeing the underlying memory and ...
CVE-2026-53150
- EPSS 0.13%
- Veröffentlicht 25.06.2026 08:38:35
- Zuletzt bearbeitet 06.07.2026 17:45:25
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tb_property_entry_valid() accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT en...
CVE-2026-53149
- EPSS 0.13%
- Veröffentlicht 25.06.2026 08:38:34
- Zuletzt bearbeitet 06.07.2026 17:51:40
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size __tb_property_parse_dir() does not check that content_offset + content_len fits within block_len for the root directory case...
CVE-2026-53148
- EPSS 0.15%
- Veröffentlicht 25.06.2026 08:38:34
- Zuletzt bearbeitet 08.07.2026 14:41:01
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data copy to allocation size tb_xdp_properties_request() derives the per-packet copy length from the response header without checking that it fi...
CVE-2026-53147
- EPSS 0.28%
- Veröffentlicht 25.06.2026 08:38:33
- Zuletzt bearbeitet 06.07.2026 14:13:01
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tb_xdp_handle_request() casts the received packet buffer to protocol-specific structs without verifying that the ...