Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0746
Vulnerability from certfr_avis - Published: 2026-06-12 - Updated: 2026-06-12
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 26.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 25.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-23198",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23198"
},
{
"name": "CVE-2026-43078",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43078"
},
{
"name": "CVE-2026-23202",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23202"
},
{
"name": "CVE-2026-23260",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23260"
},
{
"name": "CVE-2026-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23167"
},
{
"name": "CVE-2026-23129",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23129"
},
{
"name": "CVE-2025-38201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38201"
},
{
"name": "CVE-2026-23098",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23098"
},
{
"name": "CVE-2026-47329",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47329"
},
{
"name": "CVE-2025-68749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68749"
},
{
"name": "CVE-2026-23126",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23126"
},
{
"name": "CVE-2026-23054",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23054"
},
{
"name": "CVE-2026-23159",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23159"
},
{
"name": "CVE-2025-68725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68725"
},
{
"name": "CVE-2026-23069",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23069"
},
{
"name": "CVE-2026-22992",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22992"
},
{
"name": "CVE-2025-71191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71191"
},
{
"name": "CVE-2026-47330",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47330"
},
{
"name": "CVE-2025-40039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40039"
},
{
"name": "CVE-2026-23020",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23020"
},
{
"name": "CVE-2026-23187",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23187"
},
{
"name": "CVE-2026-23136",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23136"
},
{
"name": "CVE-2026-23139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23139"
},
{
"name": "CVE-2025-71189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71189"
},
{
"name": "CVE-2026-23179",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23179"
},
{
"name": "CVE-2026-23090",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23090"
},
{
"name": "CVE-2026-23035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23035"
},
{
"name": "CVE-2026-23258",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23258"
},
{
"name": "CVE-2026-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23064"
},
{
"name": "CVE-2025-38591",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38591"
},
{
"name": "CVE-2026-43284",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43284"
},
{
"name": "CVE-2026-23061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23061"
},
{
"name": "CVE-2026-23059",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23059"
},
{
"name": "CVE-2026-23135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23135"
},
{
"name": "CVE-2026-23047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23047"
},
{
"name": "CVE-2025-68365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68365"
},
{
"name": "CVE-2026-23119",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23119"
},
{
"name": "CVE-2026-23173",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23173"
},
{
"name": "CVE-2026-23123",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23123"
},
{
"name": "CVE-2026-31431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31431"
},
{
"name": "CVE-2026-23094",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23094"
},
{
"name": "CVE-2026-23049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23049"
},
{
"name": "CVE-2026-23101",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23101"
},
{
"name": "CVE-2026-23099",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23099"
},
{
"name": "CVE-2026-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23085"
},
{
"name": "CVE-2026-23209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23209"
},
{
"name": "CVE-2025-40082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40082"
},
{
"name": "CVE-2026-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23150"
},
{
"name": "CVE-2026-23163",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23163"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2026-23057",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23057"
},
{
"name": "CVE-2025-37926",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37926"
},
{
"name": "CVE-2026-43033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43033"
},
{
"name": "CVE-2026-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23166"
},
{
"name": "CVE-2026-22991",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22991"
},
{
"name": "CVE-2026-23264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23264"
},
{
"name": "CVE-2026-47331",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47331"
},
{
"name": "CVE-2026-43503",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43503"
},
{
"name": "CVE-2026-23256",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23256"
},
{
"name": "CVE-2026-23116",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23116"
},
{
"name": "CVE-2025-71200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71200"
},
{
"name": "CVE-2026-22980",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22980"
},
{
"name": "CVE-2026-23172",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23172"
},
{
"name": "CVE-2026-43500",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43500"
},
{
"name": "CVE-2026-23133",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23133"
},
{
"name": "CVE-2026-23131",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23131"
},
{
"name": "CVE-2026-23212",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23212"
},
{
"name": "CVE-2026-23032",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23032"
},
{
"name": "CVE-2026-23170",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23170"
},
{
"name": "CVE-2026-23204",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23204"
},
{
"name": "CVE-2026-23019",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23019"
},
{
"name": "CVE-2025-71188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71188"
},
{
"name": "CVE-2026-23125",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23125"
},
{
"name": "CVE-2026-23005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23005"
},
{
"name": "CVE-2026-47328",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47328"
},
{
"name": "CVE-2026-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23214"
},
{
"name": "CVE-2026-23030",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23030"
},
{
"name": "CVE-2026-23178",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23178"
},
{
"name": "CVE-2026-22997",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22997"
},
{
"name": "CVE-2025-71196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71196"
},
{
"name": "CVE-2026-31533",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31533"
},
{
"name": "CVE-2026-48681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48681"
},
{
"name": "CVE-2026-23191",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23191"
},
{
"name": "CVE-2026-23078",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23078"
},
{
"name": "CVE-2026-47332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47332"
},
{
"name": "CVE-2025-71220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71220"
},
{
"name": "CVE-2026-23103",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23103"
},
{
"name": "CVE-2025-71199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71199"
},
{
"name": "CVE-2025-68358",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68358"
},
{
"name": "CVE-2026-23180",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23180"
},
{
"name": "CVE-2026-23006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23006"
},
{
"name": "CVE-2025-71195",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71195"
},
{
"name": "CVE-2026-22994",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22994"
},
{
"name": "CVE-2026-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23083"
},
{
"name": "CVE-2026-23262",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23262"
},
{
"name": "CVE-2026-23088",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23088"
},
{
"name": "CVE-2026-23108",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23108"
},
{
"name": "CVE-2025-71180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71180"
},
{
"name": "CVE-2026-46000",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46000"
},
{
"name": "CVE-2026-47334",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47334"
},
{
"name": "CVE-2025-71194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71194"
},
{
"name": "CVE-2026-23200",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23200"
},
{
"name": "CVE-2026-22999",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22999"
},
{
"name": "CVE-2026-23068",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23068"
},
{
"name": "CVE-2026-23089",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23089"
},
{
"name": "CVE-2026-23216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23216"
},
{
"name": "CVE-2025-71225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71225"
},
{
"name": "CVE-2026-23071",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23071"
},
{
"name": "CVE-2026-23056",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23056"
},
{
"name": "CVE-2026-43077",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43077"
},
{
"name": "CVE-2026-23063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23063"
},
{
"name": "CVE-2026-47335",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47335"
},
{
"name": "CVE-2026-23073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23073"
},
{
"name": "CVE-2026-23058",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23058"
},
{
"name": "CVE-2025-71182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71182"
},
{
"name": "CVE-2026-23038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23038"
},
{
"name": "CVE-2026-22990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22990"
},
{
"name": "CVE-2026-23000",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23000"
},
{
"name": "CVE-2025-71186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71186"
},
{
"name": "CVE-2026-47336",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47336"
},
{
"name": "CVE-2026-23176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23176"
},
{
"name": "CVE-2026-23026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23026"
},
{
"name": "CVE-2026-23128",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23128"
},
{
"name": "CVE-2026-46300",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46300"
},
{
"name": "CVE-2025-71190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71190"
},
{
"name": "CVE-2026-23140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23140"
},
{
"name": "CVE-2026-23107",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23107"
},
{
"name": "CVE-2026-22978",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22978"
},
{
"name": "CVE-2026-23146",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23146"
},
{
"name": "CVE-2026-45998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45998"
},
{
"name": "CVE-2026-23037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23037"
},
{
"name": "CVE-2026-23001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23001"
},
{
"name": "CVE-2025-71224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71224"
},
{
"name": "CVE-2026-23193",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23193"
},
{
"name": "CVE-2026-23215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23215"
},
{
"name": "CVE-2026-23025",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23025"
},
{
"name": "CVE-2026-23151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23151"
},
{
"name": "CVE-2026-22982",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22982"
},
{
"name": "CVE-2026-23205",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23205"
},
{
"name": "CVE-2025-71222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71222"
},
{
"name": "CVE-2026-31504",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31504"
},
{
"name": "CVE-2026-23142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23142"
},
{
"name": "CVE-2026-23213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23213"
},
{
"name": "CVE-2026-23091",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23091"
},
{
"name": "CVE-2025-71192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71192"
},
{
"name": "CVE-2026-47327",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47327"
},
{
"name": "CVE-2026-23121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23121"
},
{
"name": "CVE-2026-23274",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23274"
},
{
"name": "CVE-2026-47326",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47326"
},
{
"name": "CVE-2026-23144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23144"
},
{
"name": "CVE-2026-23087",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23087"
},
{
"name": "CVE-2026-31419",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31419"
},
{
"name": "CVE-2025-71185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71185"
},
{
"name": "CVE-2025-71268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71268"
},
{
"name": "CVE-2026-23096",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23096"
},
{
"name": "CVE-2025-68351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68351"
},
{
"name": "CVE-2025-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40149"
},
{
"name": "CVE-2026-23164",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23164"
},
{
"name": "CVE-2026-23124",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23124"
},
{
"name": "CVE-2026-23257",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23257"
},
{
"name": "CVE-2025-71160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71160"
},
{
"name": "CVE-2024-58096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58096"
},
{
"name": "CVE-2025-71162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71162"
},
{
"name": "CVE-2026-23075",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23075"
},
{
"name": "CVE-2026-23120",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23120"
},
{
"name": "CVE-2025-68803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68803"
},
{
"name": "CVE-2026-22996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22996"
},
{
"name": "CVE-2026-47337",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47337"
},
{
"name": "CVE-2026-23168",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23168"
},
{
"name": "CVE-2024-50004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50004"
},
{
"name": "CVE-2026-23105",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23105"
},
{
"name": "CVE-2026-22976",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22976"
},
{
"name": "CVE-2024-35862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35862"
},
{
"name": "CVE-2026-23141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23141"
},
{
"name": "CVE-2026-23065",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23065"
},
{
"name": "CVE-2026-23182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23182"
},
{
"name": "CVE-2026-23086",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23086"
},
{
"name": "CVE-2026-23261",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23261"
},
{
"name": "CVE-2026-23156",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23156"
},
{
"name": "CVE-2025-71193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71193"
},
{
"name": "CVE-2026-23095",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23095"
},
{
"name": "CVE-2025-71163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71163"
},
{
"name": "CVE-2026-23062",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23062"
},
{
"name": "CVE-2026-23160",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23160"
},
{
"name": "CVE-2026-46333",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46333"
},
{
"name": "CVE-2026-22984",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22984"
},
{
"name": "CVE-2026-47333",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47333"
},
{
"name": "CVE-2026-23206",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23206"
},
{
"name": "CVE-2024-58097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58097"
},
{
"name": "CVE-2026-23033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23033"
},
{
"name": "CVE-2026-31676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31676"
},
{
"name": "CVE-2026-46447",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46447"
},
{
"name": "CVE-2026-22977",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22977"
},
{
"name": "CVE-2026-23145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23145"
},
{
"name": "CVE-2026-23003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23003"
},
{
"name": "CVE-2026-23076",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23076"
},
{
"name": "CVE-2025-68823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68823"
},
{
"name": "CVE-2026-23394",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23394"
},
{
"name": "CVE-2026-23010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23010"
},
{
"name": "CVE-2026-23112",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23112"
},
{
"name": "CVE-2026-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23084"
},
{
"name": "CVE-2026-23190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23190"
},
{
"name": "CVE-2026-22979",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22979"
},
{
"name": "CVE-2026-23011",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23011"
},
{
"name": "CVE-2026-23110",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23110"
},
{
"name": "CVE-2026-23148",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23148"
},
{
"name": "CVE-2025-71197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71197"
},
{
"name": "CVE-2026-23031",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23031"
},
{
"name": "CVE-2026-23102",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23102"
},
{
"name": "CVE-2026-22998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22998"
},
{
"name": "CVE-2026-23050",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23050"
},
{
"name": "CVE-2026-23113",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23113"
},
{
"name": "CVE-2026-23097",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23097"
},
{
"name": "CVE-2025-71198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71198"
},
{
"name": "CVE-2026-23021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23021"
},
{
"name": "CVE-2026-23093",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23093"
},
{
"name": "CVE-2026-46028",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46028"
},
{
"name": "CVE-2025-71183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71183"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2026-23053",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23053"
},
{
"name": "CVE-2025-71184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71184"
},
{
"name": "CVE-2026-44917",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44917"
},
{
"name": "CVE-2026-23080",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23080"
},
{
"name": "CVE-2026-23351",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23351"
},
{
"name": "CVE-2026-23254",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23254"
},
{
"name": "CVE-2026-43494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43494"
}
],
"initial_release_date": "2026-06-12T00:00:00",
"last_revision_date": "2026-06-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0746",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2026-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8426-1",
"url": "https://ubuntu.com/security/notices/USN-8426-1"
},
{
"published_at": "2026-06-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8361-2",
"url": "https://ubuntu.com/security/notices/USN-8361-2"
},
{
"published_at": "2026-06-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8391-1",
"url": "https://ubuntu.com/security/notices/USN-8391-1"
},
{
"published_at": "2026-06-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8393-1",
"url": "https://ubuntu.com/security/notices/USN-8393-1"
},
{
"published_at": "2026-06-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8388-1",
"url": "https://ubuntu.com/security/notices/USN-8388-1"
},
{
"published_at": "2026-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8421-1",
"url": "https://ubuntu.com/security/notices/USN-8421-1"
},
{
"published_at": "2026-06-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8392-1",
"url": "https://ubuntu.com/security/notices/USN-8392-1"
},
{
"published_at": "2026-06-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8389-1",
"url": "https://ubuntu.com/security/notices/USN-8389-1"
},
{
"published_at": "2026-06-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8390-1",
"url": "https://ubuntu.com/security/notices/USN-8390-1"
}
]
}
CVE-2026-46300 (GCVE-0-2026-46300)
Vulnerability from cvelistv5 – Published: 2026-05-23 11:44 – Updated: 2026-07-02 12:05
VLAI
EPSS
Title
net: skbuff: preserve shared-frag marker during coalescing
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: preserve shared-frag marker during coalescing
skb_try_coalesce() can attach paged frags from @from to @to. If @from
has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same
externally-owned or page-cache-backed frags, but the shared-frag marker
is currently lost.
That breaks the invariant relied on by later in-place writers. In
particular, ESP input checks skb_has_shared_frag() before deciding
whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP
receive coalescing has moved shared frags into an unmarked skb, ESP can
see skb_has_shared_frag() as false and decrypt in place over page-cache
backed frags.
Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged
frags. The tailroom copy path does not need the marker because it copies
bytes into @to's linear data rather than transferring frag descriptors.
Severity
7.8 (High)
CWE
- CWE-123 - Write-what-where Condition
Assigner
References
47 references
Impacted products
59 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 3599e6b3cc1ada96883d496a50a210d3afbb6987
(git)
Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 2f2b16022a2e10ca7bccfb98db5ed2ec0f72641c (git) Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 9d3e5fd19fe1063bf607219e8562fbd567b8e8d5 (git) Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 78bf6b6bb19541d19fbda6242e7cfe2c682763c0 (git) Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 760e1addc27ba1a7beb4a0a7e8b3e9ec49e7a34e (git) Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 3bd9e113d50034db99d7ef69fd8e5242d15e414a (git) Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 3884358a9286b17f389a72b1426fc4547c23c111 (git) Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < f84eca5817390257cef78013d0112481c503b4a3 (git) |
|
| Linux | Linux |
Affected:
3.9
Unaffected: 0 , < 3.9 (semver) Unaffected: 5.10.257 , ≤ 5.10.* (semver) Unaffected: 5.15.208 , ≤ 5.15.* (semver) Unaffected: 6.1.174 , ≤ 6.1.* (semver) Unaffected: 6.6.141 , ≤ 6.6.* (semver) Unaffected: 6.12.91 , ≤ 6.12.* (semver) Unaffected: 6.18.33 , ≤ 6.18.* (semver) Unaffected: 7.0.10 , ≤ 7.0.* (semver) Unaffected: 7.1 , ≤ * (original_commit_for_fix) |
|
| Red Hat | NVIDIA for RHEL 10 |
cpe:/a:redhat:enterprise_linux_nvidia:10::el10 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.21 |
cpe:/a:redhat:openshift:4.21::el10 cpe:/a:redhat:openshift:4.21::el8 cpe:/a:redhat:openshift:4.21::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.12 |
cpe:/a:redhat:openshift:4.12::el8 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.13 |
cpe:/a:redhat:openshift:4.13::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
cpe:/a:redhat:openshift:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.19 |
cpe:/a:redhat:openshift:4.19::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.20 |
cpe:/a:redhat:openshift:4.20::el9 |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.0) |
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.2) |
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux BaseOS EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 8) |
cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS AUS (v.8.4) |
cpe:/o:redhat:rhel_aus:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4) |
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS AUS (v.8.6) |
cpe:/o:redhat:rhel_aus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.8.6) |
cpe:/o:redhat:rhel_e4s:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS TUS (v.8.6) |
cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.8.8) |
cpe:/o:redhat:rhel_e4s:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS TUS (v.8.8) |
cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.9.0) |
cpe:/o:redhat:rhel_e4s:9.0::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.9.2) |
cpe:/o:redhat:rhel_e4s:9.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.9.4) |
cpe:/o:redhat:rhel_e4s:9.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS EUS (v.9.4) |
cpe:/o:redhat:rhel_eus:9.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS EUS (v.9.6) |
cpe:/o:redhat:rhel_eus:9.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 9) |
cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux CRB (v. 8) |
cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::crb |
|
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::crb |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 9) |
cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux NFV (v. 8) |
cpe:/a:redhat:enterprise_linux:8::nfv |
|
| Red Hat | Red Hat Enterprise Linux NFV E4S (v.9.0) |
cpe:/a:redhat:rhel_e4s:9.0::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2) |
cpe:/a:redhat:rhel_e4s:9.2::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV (v. 9) |
cpe:/a:redhat:enterprise_linux:9::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux Real Time (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux RT (v. 8) |
cpe:/a:redhat:enterprise_linux:8::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time E4S (v.9.0) |
cpe:/a:redhat:rhel_e4s:9.0::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time E4S (v.9.2) |
cpe:/a:redhat:rhel_e4s:9.2::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time (v. 9) |
cpe:/a:redhat:enterprise_linux:9::realtime |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-23T12:24:19.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/13/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/21/11"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/21/12"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/21/13"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_nvidia:10::el10"
],
"defaultStatus": "affected",
"product": "NVIDIA for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.21::el10",
"cpe:/a:redhat:openshift:4.21::el8",
"cpe:/a:redhat:openshift:4.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.0::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.2::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus:9.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus:9.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CRB (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux NFV (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux RT (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged binaries and gain root privileges."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-123",
"description": "Write-what-where Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:05:08.415Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-46300"
},
{
"name": "RHBZ#2477015",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477015"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46300.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19540"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33486"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2026:20032"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21695"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21690"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28887"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23233"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20087"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25044"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21656"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23245"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21702"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23240"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20299"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19569"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19705"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20593"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20054"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20129"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19666"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23470"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20130"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20051"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19521"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23471"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23469"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24814"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23468"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19664"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19711"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19875"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:19540: NVIDIA for RHEL 10"
},
{
"lang": "en",
"value": "RHSA-2026:33486: NVIDIA for RHEL 10"
},
{
"lang": "en",
"value": "RHBA-2026:20032: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:21695: Red Hat OpenShift Container Platform 4.12"
},
{
"lang": "en",
"value": "RHSA-2026:21690: Red Hat OpenShift Container Platform 4.13"
},
{
"lang": "en",
"value": "RHSA-2026:28887: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:23233: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:20087: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:25044: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:21656: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:23245: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:21702: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:23240: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:20299: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19569: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19705: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:20593: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:20054: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:20129: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19568: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19666: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:23470: Red Hat Enterprise Linux BaseOS (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:20130: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:20051: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19521: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:23471: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:23469: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:24814: Red Hat Enterprise Linux BaseOS E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:23468: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19664: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:19711: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19875: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-13T13:28:21.270Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-13T12:00:00.000Z",
"value": "Made public."
}
],
"title": "kernel: \"Fragnesia\" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel",
"workarounds": [
{
"lang": "en",
"value": "See the security bulletin for a detailed mitigation procedure."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3599e6b3cc1ada96883d496a50a210d3afbb6987",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "2f2b16022a2e10ca7bccfb98db5ed2ec0f72641c",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "9d3e5fd19fe1063bf607219e8562fbd567b8e8d5",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "78bf6b6bb19541d19fbda6242e7cfe2c682763c0",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "760e1addc27ba1a7beb4a0a7e8b3e9ec49e7a34e",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "3bd9e113d50034db99d7ef69fd8e5242d15e414a",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "3884358a9286b17f389a72b1426fc4547c23c111",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "f84eca5817390257cef78013d0112481c503b4a3",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.257",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.208",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.141",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.257",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.208",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.174",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.141",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.91",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.33",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.10",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-14T18:07:34.359Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3599e6b3cc1ada96883d496a50a210d3afbb6987"
},
{
"url": "https://git.kernel.org/stable/c/2f2b16022a2e10ca7bccfb98db5ed2ec0f72641c"
},
{
"url": "https://git.kernel.org/stable/c/9d3e5fd19fe1063bf607219e8562fbd567b8e8d5"
},
{
"url": "https://git.kernel.org/stable/c/78bf6b6bb19541d19fbda6242e7cfe2c682763c0"
},
{
"url": "https://git.kernel.org/stable/c/760e1addc27ba1a7beb4a0a7e8b3e9ec49e7a34e"
},
{
"url": "https://git.kernel.org/stable/c/3bd9e113d50034db99d7ef69fd8e5242d15e414a"
},
{
"url": "https://git.kernel.org/stable/c/3884358a9286b17f389a72b1426fc4547c23c111"
},
{
"url": "https://git.kernel.org/stable/c/f84eca5817390257cef78013d0112481c503b4a3"
}
],
"title": "net: skbuff: preserve shared-frag marker during coalescing",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-46300",
"datePublished": "2026-05-23T11:44:02.231Z",
"dateReserved": "2026-05-13T15:03:33.111Z",
"dateUpdated": "2026-07-02T12:05:08.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46333 (GCVE-0-2026-46333)
Vulnerability from cvelistv5 – Published: 2026-05-15 12:58 – Updated: 2026-07-01 12:05
VLAI
EPSS
Title
ptrace: slightly saner 'get_dumpable()' logic
Summary
In the Linux kernel, the following vulnerability has been resolved:
ptrace: slightly saner 'get_dumpable()' logic
The 'dumpability' of a task is fundamentally about the memory image of
the task - the concept comes from whether it can core dump or not - and
makes no sense when you don't have an associated mm.
And almost all users do in fact use it only for the case where the task
has a mm pointer.
But we have one odd special case: ptrace_may_access() uses 'dumpable' to
check various other things entirely independently of the MM (typically
explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for
threads that no longer have a VM (and maybe never did, like most kernel
threads).
It's not what this flag was designed for, but it is what it is.
The ptrace code does check that the uid/gid matches, so you do have to
be uid-0 to see kernel thread details, but this means that the
traditional "drop capabilities" model doesn't make any difference for
this all.
Make it all make a *bit* more sense by saying that if you don't have a
MM pointer, we'll use a cached "last dumpability" flag if the thread
ever had a MM (it will be zero for kernel threads since it is never
set), and require a proper CAP_SYS_PTRACE capability to override.
Severity
7.1 (High)
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
40 references
Impacted products
52 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6
(git)
Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 15b828a46f305ae9f05a7c16914b3ce273474205 (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 4709234fd1b95136ceb789f639b1e7ea5de1b181 (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 8f907d345bae8f4b3f004c5abc56bf2dfb851ea7 (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 2a93a4fac7b6051d3be7cd1b015fe7320cd0404d (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 01363cb3fbd0238ffdeb09f53e9039c9edf8a730 (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a (git) Affected: d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12 (git) Affected: 03eed7afbc09e061f66b448daf7863174c3dc3f3 (git) Affected: e45692fa1aea06676449b63ef3c2b6e1e72b7578 (git) Affected: 694a95fa6dae4991f16cda333d897ea063021fed (git) Affected: 3.16.52 , < 3.17 (semver) Affected: 4.4.40 , < 4.5 (semver) Affected: 4.8.16 , < 4.9 (semver) Affected: 4.9.1 , < 4.10 (semver) |
|
| Linux | Linux |
Affected:
4.10
Unaffected: 0 , < 4.10 (semver) Unaffected: 5.10.256 , ≤ 5.10.* (semver) Unaffected: 5.15.207 , ≤ 5.15.* (semver) Unaffected: 6.1.173 , ≤ 6.1.* (semver) Unaffected: 6.6.139 , ≤ 6.6.* (semver) Unaffected: 6.12.89 , ≤ 6.12.* (semver) Unaffected: 6.18.31 , ≤ 6.18.* (semver) Unaffected: 7.0.8 , ≤ 7.0.* (semver) Unaffected: 7.1 , ≤ * (original_commit_for_fix) |
|
| Red Hat | NVIDIA for RHEL 10 |
cpe:/a:redhat:enterprise_linux_nvidia:10::el10 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.20 |
cpe:/a:redhat:openshift:4.20::el8 cpe:/a:redhat:openshift:4.20::el9 |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.0) |
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.2) |
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux BaseOS EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 8) |
cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS AUS (v.8.4) |
cpe:/o:redhat:rhel_aus:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4) |
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS AUS (v.8.6) |
cpe:/o:redhat:rhel_aus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.8.6) |
cpe:/o:redhat:rhel_e4s:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS TUS (v.8.6) |
cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.8.8) |
cpe:/o:redhat:rhel_e4s:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS TUS (v.8.8) |
cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.9.0) |
cpe:/o:redhat:rhel_e4s:9.0::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.9.2) |
cpe:/o:redhat:rhel_e4s:9.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.9.4) |
cpe:/o:redhat:rhel_e4s:9.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS EUS (v.9.4) |
cpe:/o:redhat:rhel_eus:9.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS EUS (v.9.6) |
cpe:/o:redhat:rhel_eus:9.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 9) |
cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux CRB (v. 8) |
cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::crb |
|
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::crb |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 9) |
cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux NFV (v. 8) |
cpe:/a:redhat:enterprise_linux:8::nfv |
|
| Red Hat | Red Hat Enterprise Linux NFV E4S (v.9.0) |
cpe:/a:redhat:rhel_e4s:9.0::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2) |
cpe:/a:redhat:rhel_e4s:9.2::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV (v. 9) |
cpe:/a:redhat:enterprise_linux:9::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux Real Time (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux RT (v. 8) |
cpe:/a:redhat:enterprise_linux:8::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time E4S (v.9.0) |
cpe:/a:redhat:rhel_e4s:9.0::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time E4S (v.9.2) |
cpe:/a:redhat:rhel_e4s:9.2::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time (v. 9) |
cpe:/a:redhat:enterprise_linux:9::realtime |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-20T18:47:13.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/15/9"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00032.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00035.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/20/14"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/20/16"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46333",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T03:55:24.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_nvidia:10::el10"
],
"defaultStatus": "affected",
"product": "NVIDIA for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el8",
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.0::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.2::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus:9.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus:9.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CRB (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux NFV (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux RT (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-15T05:55:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully terminates. Successful exploitation may lead to the disclosure of sensitive data such as SSH host private keys or /etc/shadow contents."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:05:06.860Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-46333"
},
{
"name": "RHBZ#2477802",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477802"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46333.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19540"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33486"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21701"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21702"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20299"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19569"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19705"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20593"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20054"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20129"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19666"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23470"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20130"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20051"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19521"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23471"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23469"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24814"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23468"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19664"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19711"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19875"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:19540: NVIDIA for RHEL 10"
},
{
"lang": "en",
"value": "RHSA-2026:33486: NVIDIA for RHEL 10"
},
{
"lang": "en",
"value": "RHSA-2026:21701: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:21702: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:20299: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19569: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19705: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:20593: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:20054: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:20129: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19568: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19666: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:23470: Red Hat Enterprise Linux BaseOS (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:20130: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:20051: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19521: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:23471: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:23469: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:24814: Red Hat Enterprise Linux BaseOS E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:23468: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19664: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:19711: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19875: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T08:27:21.590Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-15T05:55:00.000Z",
"value": "Made public."
}
],
"title": "kernel: Read root-owned files as an unprivileged user",
"workarounds": [
{
"lang": "en",
"value": "See the security bulletin for a detailed mitigation procedure."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/sched.h",
"kernel/exit.c",
"kernel/ptrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "15b828a46f305ae9f05a7c16914b3ce273474205",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "4709234fd1b95136ceb789f639b1e7ea5de1b181",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "8f907d345bae8f4b3f004c5abc56bf2dfb851ea7",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "2a93a4fac7b6051d3be7cd1b015fe7320cd0404d",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "01363cb3fbd0238ffdeb09f53e9039c9edf8a730",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"status": "affected",
"version": "d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12",
"versionType": "git"
},
{
"status": "affected",
"version": "03eed7afbc09e061f66b448daf7863174c3dc3f3",
"versionType": "git"
},
{
"status": "affected",
"version": "e45692fa1aea06676449b63ef3c2b6e1e72b7578",
"versionType": "git"
},
{
"status": "affected",
"version": "694a95fa6dae4991f16cda333d897ea063021fed",
"versionType": "git"
},
{
"lessThan": "3.17",
"status": "affected",
"version": "3.16.52",
"versionType": "semver"
},
{
"lessThan": "4.5",
"status": "affected",
"version": "4.4.40",
"versionType": "semver"
},
{
"lessThan": "4.9",
"status": "affected",
"version": "4.8.16",
"versionType": "semver"
},
{
"lessThan": "4.10",
"status": "affected",
"version": "4.9.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/sched.h",
"kernel/exit.c",
"kernel/ptrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.256",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.173",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.89",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.256",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.207",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.173",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.139",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.89",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.31",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.8",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.8.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-14T18:09:28.322Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6"
},
{
"url": "https://git.kernel.org/stable/c/15b828a46f305ae9f05a7c16914b3ce273474205"
},
{
"url": "https://git.kernel.org/stable/c/4709234fd1b95136ceb789f639b1e7ea5de1b181"
},
{
"url": "https://git.kernel.org/stable/c/8f907d345bae8f4b3f004c5abc56bf2dfb851ea7"
},
{
"url": "https://git.kernel.org/stable/c/6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d"
},
{
"url": "https://git.kernel.org/stable/c/2a93a4fac7b6051d3be7cd1b015fe7320cd0404d"
},
{
"url": "https://git.kernel.org/stable/c/01363cb3fbd0238ffdeb09f53e9039c9edf8a730"
},
{
"url": "https://git.kernel.org/stable/c/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a"
}
],
"title": "ptrace: slightly saner \u0027get_dumpable()\u0027 logic",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-46333",
"datePublished": "2026-05-15T12:58:44.599Z",
"dateReserved": "2026-05-13T15:03:33.113Z",
"dateUpdated": "2026-07-01T12:05:06.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46447 (GCVE-0-2026-46447)
Vulnerability from cvelistv5 – Published: 2026-06-03 00:00 – Updated: 2026-06-15 22:40
VLAI
EPSS
Summary
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
Severity
5.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-15T22:40:19.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/03/11"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/15/9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T15:15:09.125776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T15:17:37.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ironic",
"vendor": "OpenStack",
"versions": [
{
"lessThan": "26.1.7",
"status": "affected",
"version": "17.0.0",
"versionType": "semver"
},
{
"lessThan": "29.0.6",
"status": "affected",
"version": "27.0.0",
"versionType": "semver"
},
{
"lessThan": "32.0.2",
"status": "affected",
"version": "30.0.0",
"versionType": "semver"
},
{
"lessThan": "35.0.2",
"status": "affected",
"version": "33.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.1.7",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "29.0.6",
"versionStartIncluding": "27.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "32.0.2",
"versionStartIncluding": "30.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.0.2",
"versionStartIncluding": "33.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "CWE-669 Incorrect Resource Transfer Between Spheres",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T03:18:40.368Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.launchpad.net/ironic/+bug/2150624"
},
{
"url": "https://security.openstack.org/ossa/OSSA-2026-017.html"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-46447",
"datePublished": "2026-06-03T00:00:00.000Z",
"dateReserved": "2026-05-14T00:00:00.000Z",
"dateUpdated": "2026-06-15T22:40:19.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47326 (GCVE-0-2026-47326)
Vulnerability from cvelistv5 – Published: 2026-05-28 18:26 – Updated: 2026-05-28 19:25
VLAI
EPSS
Title
Memory leak in Ubuntu Linux AppArmor large notification response allocation
Summary
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory leak could lead to resource exhaustion.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-401 - Missing release of memory after effective lifetime
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://git.launchpad.net/~ubuntu-kernel/ubuntu/+… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | Ubuntu Linux |
Affected:
6.8.0 , < 6.8.0-124.124
(dpkg)
Affected: 6.17.0 , < 6.17.0-35.35 (dpkg) Affected: 7.0.0 , < 7.0.0-22.22 (dpkg) |
Credits
Tristan Madani (@TristanInSec), Talence Security
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T19:20:50.758806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T19:25:40.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://launchpad.net/ubuntu/+source/",
"defaultStatus": "unaffected",
"modules": [
"AppArmor"
],
"packageName": "linux",
"product": "Ubuntu Linux",
"repo": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/",
"vendor": "Canonical",
"versions": [
{
"lessThan": "6.8.0-124.124",
"status": "affected",
"version": "6.8.0",
"versionType": "dpkg"
},
{
"lessThan": "6.17.0-35.35",
"status": "affected",
"version": "6.17.0",
"versionType": "dpkg"
},
{
"lessThan": "7.0.0-22.22",
"status": "affected",
"version": "7.0.0",
"versionType": "dpkg"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tristan Madani (@TristanInSec), Talence Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory leak could lead to resource exhaustion."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing release of memory after effective lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T18:26:58.224Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=8d858ecb7e2e216ca2987302a04c266f2355fefe"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Memory leak in Ubuntu Linux AppArmor large notification response allocation"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2026-47326",
"datePublished": "2026-05-28T18:26:58.224Z",
"dateReserved": "2026-05-19T10:37:36.433Z",
"dateUpdated": "2026-05-28T19:25:40.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47327 (GCVE-0-2026-47327)
Vulnerability from cvelistv5 – Published: 2026-05-28 18:27 – Updated: 2026-05-28 19:25
VLAI
EPSS
Title
NULL pointer dereference in Ubuntu Linux AppArmor notification handling
Summary
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL pointer dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://git.launchpad.net/~ubuntu-kernel/ubuntu/+… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | Ubuntu Linux |
Affected:
6.8.0 , < 6.8.0-124.124
(dpkg)
Affected: 6.17.0 , < 6.17.0-35.35 (dpkg) Affected: 7.0.0 , < 7.0.0-22.22 (dpkg) |
Credits
Tristan Madani (@TristanInSec), Talence Security
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T19:20:39.267467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T19:25:26.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://launchpad.net/ubuntu/+source/",
"defaultStatus": "unaffected",
"modules": [
"AppArmor"
],
"packageName": "linux",
"product": "Ubuntu Linux",
"repo": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/",
"vendor": "Canonical",
"versions": [
{
"lessThan": "6.8.0-124.124",
"status": "affected",
"version": "6.8.0",
"versionType": "dpkg"
},
{
"lessThan": "6.17.0-35.35",
"status": "affected",
"version": "6.17.0",
"versionType": "dpkg"
},
{
"lessThan": "7.0.0-22.22",
"status": "affected",
"version": "7.0.0",
"versionType": "dpkg"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tristan Madani (@TristanInSec), Talence Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL pointer dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T18:27:20.987Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=7f3c4902c39432ce7ea0d384cb70eba282247fac"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "NULL pointer dereference in Ubuntu Linux AppArmor notification handling"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2026-47327",
"datePublished": "2026-05-28T18:27:20.987Z",
"dateReserved": "2026-05-19T10:37:36.433Z",
"dateUpdated": "2026-05-28T19:25:26.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47328 (GCVE-0-2026-47328)
Vulnerability from cvelistv5 – Published: 2026-05-28 18:27 – Updated: 2026-05-28 19:25
VLAI
EPSS
Title
Invalid pointer deallocation in Ubuntu Linux AppArmor notification handling
Summary
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata and could lead to resource exhaustion.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-590 - Free of memory not on the heap
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://git.launchpad.net/~ubuntu-kernel/ubuntu/+… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | Ubuntu Linux |
Affected:
6.8.0 , < 6.8.0-124.124
(dpkg)
Affected: 6.17.0 , < 6.17.0-35.35 (dpkg) Affected: 7.0.0 , < 7.0.0-22.22 (dpkg) |
Credits
Tristan Madani (@TristanInSec), Talence Security
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T19:20:06.494860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T19:25:13.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://launchpad.net/ubuntu/+source/",
"defaultStatus": "unaffected",
"modules": [
"AppArmor"
],
"packageName": "linux",
"product": "Ubuntu Linux",
"repo": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/",
"vendor": "Canonical",
"versions": [
{
"lessThan": "6.8.0-124.124",
"status": "affected",
"version": "6.8.0",
"versionType": "dpkg"
},
{
"lessThan": "6.17.0-35.35",
"status": "affected",
"version": "6.17.0",
"versionType": "dpkg"
},
{
"lessThan": "7.0.0-22.22",
"status": "affected",
"version": "7.0.0",
"versionType": "dpkg"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tristan Madani (@TristanInSec), Talence Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata and could lead to resource exhaustion."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-590",
"description": "CWE-590 Free of memory not on the heap",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T18:27:33.181Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=7f3c4902c39432ce7ea0d384cb70eba282247fac"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Invalid pointer deallocation in Ubuntu Linux AppArmor notification handling"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2026-47328",
"datePublished": "2026-05-28T18:27:33.181Z",
"dateReserved": "2026-05-19T10:37:36.433Z",
"dateUpdated": "2026-05-28T19:25:13.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47329 (GCVE-0-2026-47329)
Vulnerability from cvelistv5 – Published: 2026-05-28 18:27 – Updated: 2026-05-28 19:24
VLAI
EPSS
Title
Incorrect validation of field size in Ubuntu Linux AppArmor notification responses
Summary
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1284 - Improper validation of specified quantity in input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://git.launchpad.net/~ubuntu-kernel/ubuntu/+… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | Ubuntu Linux |
Affected:
6.8.0 , < 6.8.0-124.124
(dpkg)
Affected: 6.17.0 , < 6.17.0-35.35 (dpkg) Affected: 7.0.0 , < 7.0.0-22.22 (dpkg) |
Credits
Tristan Madani (@TristanInSec), Talence Security
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T19:19:57.301800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T19:24:59.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://launchpad.net/ubuntu/+source/",
"defaultStatus": "unaffected",
"modules": [
"AppArmor"
],
"packageName": "linux",
"product": "Ubuntu Linux",
"repo": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/",
"vendor": "Canonical",
"versions": [
{
"lessThan": "6.8.0-124.124",
"status": "affected",
"version": "6.8.0",
"versionType": "dpkg"
},
{
"lessThan": "6.17.0-35.35",
"status": "affected",
"version": "6.17.0",
"versionType": "dpkg"
},
{
"lessThan": "7.0.0-22.22",
"status": "affected",
"version": "7.0.0",
"versionType": "dpkg"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tristan Madani (@TristanInSec), Talence Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper validation of specified quantity in input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T18:27:44.945Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9ea8b64b3ad27d0501cf711efa98077998a33b14"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect validation of field size in Ubuntu Linux AppArmor notification responses"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2026-47329",
"datePublished": "2026-05-28T18:27:44.945Z",
"dateReserved": "2026-05-19T10:37:36.433Z",
"dateUpdated": "2026-05-28T19:24:59.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47330 (GCVE-0-2026-47330)
Vulnerability from cvelistv5 – Published: 2026-05-28 18:27 – Updated: 2026-05-28 19:24
VLAI
EPSS
Title
Use of uninitialized value in Ubuntu Linux AppArmor notification handling
Summary
Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-457 - Use of uninitialized variable
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://git.launchpad.net/~ubuntu-kernel/ubuntu/+… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | Ubuntu Linux |
Affected:
6.8.0 , < 6.8.0-124.124
(dpkg)
Affected: 6.17.0 , < 6.17.0-35.35 (dpkg) Affected: 7.0.0 , < 7.0.0-22.22 (dpkg) |
Credits
Tristan Madani (@TristanInSec), Talence Security
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T19:19:48.305274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T19:24:45.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://launchpad.net/ubuntu/+source/",
"defaultStatus": "unaffected",
"modules": [
"AppArmor"
],
"packageName": "linux",
"product": "Ubuntu Linux",
"repo": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/",
"vendor": "Canonical",
"versions": [
{
"lessThan": "6.8.0-124.124",
"status": "affected",
"version": "6.8.0",
"versionType": "dpkg"
},
{
"lessThan": "6.17.0-35.35",
"status": "affected",
"version": "6.17.0",
"versionType": "dpkg"
},
{
"lessThan": "7.0.0-22.22",
"status": "affected",
"version": "7.0.0",
"versionType": "dpkg"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tristan Madani (@TristanInSec), Talence Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of uninitialized variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T18:27:58.545Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9b2c6eded493fa50e7c8cd3618d7ebe1358abaab"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use of uninitialized value in Ubuntu Linux AppArmor notification handling"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2026-47330",
"datePublished": "2026-05-28T18:27:58.545Z",
"dateReserved": "2026-05-19T10:37:36.433Z",
"dateUpdated": "2026-05-28T19:24:45.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47331 (GCVE-0-2026-47331)
Vulnerability from cvelistv5 – Published: 2026-05-28 18:28 – Updated: 2026-05-29 03:55
VLAI
EPSS
Title
Use-after-free in Ubuntu Linux AppArmor notification handling
Summary
Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://git.launchpad.net/~ubuntu-kernel/ubuntu/+… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | Ubuntu Linux |
Affected:
6.8.0 , < 6.8.0-124.124
(dpkg)
|
Credits
Tristan Madani (@TristanInSec), Talence Security
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T03:55:53.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://launchpad.net/ubuntu/+source/",
"defaultStatus": "unaffected",
"modules": [
"AppArmor"
],
"packageName": "linux",
"product": "Ubuntu Linux",
"repo": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/",
"vendor": "Canonical",
"versions": [
{
"lessThan": "6.8.0-124.124",
"status": "affected",
"version": "6.8.0",
"versionType": "dpkg"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tristan Madani (@TristanInSec), Talence Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T18:28:08.987Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=5e5cd4759b63363373faf1ce15d1cab3606d6ec8"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free in Ubuntu Linux AppArmor notification handling"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2026-47331",
"datePublished": "2026-05-28T18:28:08.987Z",
"dateReserved": "2026-05-19T10:37:36.433Z",
"dateUpdated": "2026-05-29T03:55:53.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47332 (GCVE-0-2026-47332)
Vulnerability from cvelistv5 – Published: 2026-05-28 18:28 – Updated: 2026-05-28 19:24
VLAI
EPSS
Title
Out-of-bounds read in Ubuntu Linux AppArmor notification handling
Summary
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent slab objects.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://git.launchpad.net/~ubuntu-kernel/ubuntu/+… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | Ubuntu Linux |
Affected:
6.8.0 , < 6.8.0-124.124
(dpkg)
Affected: 6.17.0 , < 6.17.0-35.35 (dpkg) Affected: 7.0.0 , < 7.0.0-22.22 (dpkg) |
Credits
Tristan Madani (@TristanInSec), Talence Security
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T19:17:25.504559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T19:24:19.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://launchpad.net/ubuntu/+source/",
"defaultStatus": "unaffected",
"modules": [
"AppArmor"
],
"packageName": "linux",
"product": "Ubuntu Linux",
"repo": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/",
"vendor": "Canonical",
"versions": [
{
"lessThan": "6.8.0-124.124",
"status": "affected",
"version": "6.8.0",
"versionType": "dpkg"
},
{
"lessThan": "6.17.0-35.35",
"status": "affected",
"version": "6.17.0",
"versionType": "dpkg"
},
{
"lessThan": "7.0.0-22.22",
"status": "affected",
"version": "7.0.0",
"versionType": "dpkg"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tristan Madani (@TristanInSec), Talence Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent slab objects."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T18:28:18.728Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=0418e5f61b55465f19245705bce6590c807fc9f2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds read in Ubuntu Linux AppArmor notification handling"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2026-47332",
"datePublished": "2026-05-28T18:28:18.728Z",
"dateReserved": "2026-05-19T10:37:36.433Z",
"dateUpdated": "2026-05-28T19:24:19.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…