Количество 13
Количество 13
CVE-2025-40271
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ------------------------------------------------------------------------- trave...
CVE-2025-40271
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ---------------------------------------------------------------
CVE-2025-40271
In the Linux kernel, the following vulnerability has been resolved: f ...
GHSA-r37x-wmxh-7hvh
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ------------------------------------------------------------...
ELSA-2026-50005
ELSA-2026-50005: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2025-28068
ELSA-2025-28068: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2025-28066
ELSA-2025-28066: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2025-28067
ELSA-2025-28067: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2026-50007
ELSA-2026-50007: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2026-50006
ELSA-2026-50006: Unbreakable Enterprise kernel security update (IMPORTANT)
SUSE-SU-2026:0315-1
Security update for the Linux Kernel
SUSE-SU-2026:0281-1
Security update for the Linux Kernel
SUSE-SU-2026:0278-1
Security update for the Linux Kernel
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-40271 In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ------------------------------------------------------------------------- trave... | 0% Низкий | около 2 месяцев назад | |
 | CVE-2025-40271 In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 --------------------------------------------------------------- | 0% Низкий | около 2 месяцев назад | |
| CVE-2025-40271 In the Linux kernel, the following vulnerability has been resolved: f ... | 0% Низкий | около 2 месяцев назад | |
| GHSA-r37x-wmxh-7hvh In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ------------------------------------------------------------... | 0% Низкий | около 2 месяцев назад | |
| ELSA-2026-50005 ELSA-2026-50005: Unbreakable Enterprise kernel security update (IMPORTANT) | 24 дня назад | ||
| ELSA-2025-28068 ELSA-2025-28068: Unbreakable Enterprise kernel security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2025-28066 ELSA-2025-28066: Unbreakable Enterprise kernel security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2025-28067 ELSA-2025-28067: Unbreakable Enterprise kernel security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2026-50007 ELSA-2026-50007: Unbreakable Enterprise kernel security update (IMPORTANT) | 23 дня назад | ||
| ELSA-2026-50006 ELSA-2026-50006: Unbreakable Enterprise kernel security update (IMPORTANT) | 23 дня назад | ||
 | SUSE-SU-2026:0315-1 Security update for the Linux Kernel | 7 дней назад | ||
| SUSE-SU-2026:0281-1 Security update for the Linux Kernel | 12 дней назад | ||
| SUSE-SU-2026:0278-1 Security update for the Linux Kernel | 12 дней назад |
Уязвимостей на страницу