CVE-2026-52959
- EPSS 0.09%
- Veröffentlicht 24.06.2026 16:28:40
- Zuletzt bearbeitet 14.07.2026 16:28:18
In the Linux kernel, the following vulnerability has been resolved: virt: sev-guest: Do not use host-controlled page order in cleanup path When issuing an extended guest request (SVM_VMGEXIT_EXT_GUEST_REQUEST), get_ext_report() allocates a buffer t...
CVE-2026-52957
- EPSS 0.53%
- Veröffentlicht 24.06.2026 16:28:39
- Zuletzt bearbeitet 14.07.2026 16:42:07
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential null-ptr-deref in decode_choose_args() A message of type CEPH_MSG_OSD_MAP contains an OSD map that itself contains a CRUSH map. When decoding this CRUSH map ...
CVE-2026-52958
- EPSS 0.54%
- Veröffentlicht 24.06.2026 16:28:39
- Zuletzt bearbeitet 14.07.2026 16:39:34
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmap_decode() When decoding osd_state and osd_weight from an incoming osdmap in osdmap_decode(), both are decoded for each osd, i.e...
CVE-2026-52956
- EPSS 0.36%
- Veröffentlicht 24.06.2026 16:28:38
- Zuletzt bearbeitet 14.07.2026 16:43:00
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in __ceph_x_decrypt() In __ceph_x_decrypt(), a part of the buffer p is interpreted as a ceph_x_encrypt_header, and the magic field of th...
CVE-2026-52955
- EPSS 0.39%
- Veröffentlicht 24.06.2026 16:28:37
- Zuletzt bearbeitet 15.07.2026 01:16:24
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crush_decode() A message of type CEPH_MSG_OSD_MAP containing a crush map with at least one bucket has two fields holding the bucket a...
CVE-2026-52953
- EPSS 0.13%
- Veröffentlicht 24.06.2026 16:28:36
- Zuletzt bearbeitet 14.07.2026 16:50:59
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix oops due to out of scope access Below oops triggers when kill QEMU process: Oops: general protection fault, probably for non-canonical address 0x7fffffff844eaaa7...
CVE-2026-52954
- EPSS 0.53%
- Veröffentlicht 24.06.2026 16:28:36
- Zuletzt bearbeitet 14.07.2026 16:45:43
In the Linux kernel, the following vulnerability has been resolved: libceph: handle rbtree insertion error in decode_choose_args() A message of type CEPH_MSG_OSD_MAP contains an OSD map that itself contains a CRUSH map. The received CRUSH map may o...
CVE-2026-52952
- EPSS 0.14%
- Veröffentlicht 24.06.2026 16:28:35
- Zuletzt bearbeitet 15.07.2026 01:16:24
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix WARN_ON in __iommu_group_set_domain_nofail() due to reset In __iommu_group_set_domain_internal(), concurrent domain attachments are rejected when any device in the group...
CVE-2026-52951
- EPSS 0.14%
- Veröffentlicht 24.06.2026 16:28:34
- Zuletzt bearbeitet 15.07.2026 01:16:23
In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: handle empty bo and UAF races There look to be some nasty races here when triggering the invalidate_mappings hook: 1) We do xe_bo_alloc() followed by the attach, b...
CVE-2026-52950
- EPSS 0.14%
- Veröffentlicht 24.06.2026 16:28:33
- Zuletzt bearbeitet 15.07.2026 01:16:23
In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can...