VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
Reject wrapped offset in kvm_reset_dirty_gfn(). Red Hat rates this important (CVSS 7). Weakness: CWE-190.
fix double-free in tipc_buf_append(). Red Hat rates this important (CVSS 7). Weakness: CWE-763.
propagate nvmet_tcp_build_pdu_iovec() errors to its callers. Red Hat rates this important (CVSS 7). Weakness: CWE-390.
Add missing chan lock in l2cap_ecred_reconf_rsp. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-416.
In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user reports in combination with Cilium utilizing WireGuard as encryption underneath that k8s Pod E/W traffic to certain peer nodes fully stalled. The situation appears as follows: - Occurs very rarely but at random times under heavy networking load. - Once the issue triggers the decryption side stops working completely for that WireGuard peer, other peers keep working fine. The stall happens also for newly initiated connections towards that particular WireGuard peer. - Only the decryption side is affected, never the encryption side. - Once it triggers, it never recovers and remains in this state, the CPU/mem on that node looks normal, no leak, busy loop or crash. - bpftrace on the affected system shows that wg_prev_queue_enqueue fails, thus the MAX_QUEUED_PACKETS (1024 skbs!) for the peer's rx_queue is reached. - Also, bpftrace shows that wg_packet_rx_poll for that peer is never called again after reaching this state for that peer.
validate MAC header was set before dumping it. Red Hat rates this moderate (CVSS 7). Weakness: CWE-125.
serialize accept_q access. Red Hat rates this moderate (CVSS 7). Weakness: CWE-820.
fix signed comparison in io_poll_get_ownership(). Red Hat rates this moderate (CVSS 7). Weakness: CWE-1024.
do not reuse an in-progress partial send. Red Hat rates this moderate (CVSS 7). Weakness: CWE-125.
hold bridge skb->dev while queued. Red Hat rates this moderate (CVSS 7). Weakness: CWE-911.
fix strict mode inbound policy matching. Red Hat rates this moderate (CVSS 7). Weakness: CWE-551.
reject stale associations in dump_one path. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
zero the whole vnet header in tun_put_user(). Red Hat rates this moderate (CVSS 7). Weakness: CWE-909.
safepath symlink following in virt-handler enables notify socket hijacking and node-level VM disruption. Red Hat rates this moderate (CVSS 7.3). Weakness: CWE-61.
Validate node_id in arena_alloc_pages(). Red Hat rates this moderate (CVSS 7). Weakness: CWE-839.
add some missing log locking. Red Hat rates this moderate (CVSS 7). Weakness: CWE-414.
dm cache policy smq: fix missing locks in invalidating cache blocks. Red Hat rates this moderate (CVSS 7). Weakness: CWE-414.
fix use-after-free in advance_sched() on schedule switch. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
require CAP_NET_ADMIN in target netns for unattached ioctls. Red Hat rates this moderate (CVSS 7). Weakness: CWE-266.
Fix same-register dst/src OOB read and pointer leak in sock_ops. Red Hat rates this moderate (CVSS 7). Weakness: CWE-125.