CVE-2026-53262
- EPSS 0.13%
- Veröffentlicht 25.06.2026 08:39:50
- Zuletzt bearbeitet 08.07.2026 15:15:55
In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl() pppol2tp_ioctl() read sock->sk->sk_user_data directly without any locks or reference counting. If a controllable slee...
CVE-2026-53260
- EPSS 0.35%
- Veröffentlicht 25.06.2026 08:39:49
- Zuletzt bearbeitet 08.07.2026 15:25:49
In the Linux kernel, the following vulnerability has been resolved: tcp: Add preempt_{disable,enable}_nested() in reqsk_queue_hash_req(). syzbot reported a weird reqsk->rsk_refcnt underflow in __inet_csk_reqsk_queue_drop(). The captured reqsk_put(...
CVE-2026-53261
- EPSS 0.12%
- Veröffentlicht 25.06.2026 08:39:49
- Zuletzt bearbeitet 08.07.2026 15:17:32
In the Linux kernel, the following vulnerability has been resolved: devlink: Release nested relation on devlink free devlink relation state is normally released from devl_unregister(), which calls devlink_rel_put(). This misses devlink instances th...
CVE-2026-53259
- EPSS 0.12%
- Veröffentlicht 25.06.2026 08:39:48
- Zuletzt bearbeitet 08.07.2026 16:39:16
In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into global hash under idev->lock syzbot reported a splat [1]: a slab-use-after-free in ipv6_chk_acast_addr(), which walks the global inet6_acaddr_lst[] h...
CVE-2026-53257
- EPSS 0.1%
- Veröffentlicht 25.06.2026 08:39:47
- Zuletzt bearbeitet 08.07.2026 16:40:58
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: enforce HE/EHT cap/oper consistency Xiang Mei reports that mac80211 could crash if eht_cap is set but eht_oper isn't. Rather than fixing that for the individual use...
CVE-2026-53258
- EPSS 0.12%
- Veröffentlicht 25.06.2026 08:39:47
- Zuletzt bearbeitet 08.07.2026 16:40:07
In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev->int_scan_req is leaked if cfg80211_scan() fails. Note that it's supposed to be released at ___cfg80211_scan_done() but this does...
- EPSS 0.27%
- Veröffentlicht 25.06.2026 08:39:46
- Zuletzt bearbeitet 08.07.2026 16:42:18
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind() rfcomm_get_sock_by_channel() scans rfcomm_sk_list under the list lock, but returns the selected listener after dropp...
CVE-2026-53254
- EPSS 0.28%
- Veröffentlicht 25.06.2026 08:39:45
- Zuletzt bearbeitet 08.07.2026 16:45:33
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb->data to protocol-specific structs without validating skb->len first. A malicious remote dev...
CVE-2026-53255
- EPSS 0.12%
- Veröffentlicht 25.06.2026 08:39:45
- Zuletzt bearbeitet 08.07.2026 16:44:20
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate advertising TLV before type checks tlv_data_is_valid() reads each advertising data field length from data[i], then inspects data[i + 1] for managed EIR ty...
CVE-2026-53253
- EPSS 0.27%
- Veröffentlicht 25.06.2026 08:39:44
- Zuletzt bearbeitet 08.07.2026 16:46:13
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bnep_rx_frame() reads the packet type byte immediately and, for control packets, reads th...