VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
fix possible UAF in icmpv6_rcv(). Red Hat rates this important (CVSS 7). Weakness: CWE-825.
fix double-free of tx_buf skb. Red Hat rates this moderate (CVSS 7). Weakness: CWE-416.
ccp - copy IV using skcipher ivsize. Red Hat rates this moderate (CVSS 7). Weakness: CWE-805. Red Hat lists fixing advisory RHSA-2026:39494 with package kernel-0:5.14.0-687.25.1.el9_8, kernel-0:6.12.0-211.34.1.el10_2. Affected products named by the advisory: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 1.
Add missing chan lock in l2cap_ecred_reconf_rsp. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-416.
pull headers in qdisc_pkt_len_segs_init(). Red Hat rates this important (CVSS 7). Weakness: CWE-131.
In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user reports in combination with Cilium utilizing WireGuard as encryption underneath that k8s Pod E/W traffic to certain peer nodes fully stalled. The situation appears as follows: - Occurs very rarely but at random times under heavy networking load. - Once the issue triggers the decryption side stops working completely for that WireGuard peer, other peers keep working fine. The stall happens also for newly initiated connections towards that particular WireGuard peer. - Only the decryption side is affected, never the encryption side. - Once it triggers, it never recovers and remains in this state, the CPU/mem on that node looks normal, no leak, busy loop or crash. - bpftrace on the affected system shows that wg_prev_queue_enqueue fails, thus the MAX_QUEUED_PACKETS (1024 skbs!) for the peer's rx_queue is reached. - Also, bpftrace shows that wg_packet_rx_poll for that peer is never called again after reaching this state for that peer.
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_log: validate MAC header was set before dumping it The fallback path of dump_mac_header() guards the MAC header access only with "skb->mac_header != skb->network_header", without checking skb_mac_header_was_set(). When the MAC header is unset, mac_header is 0xffff, so the test passes and skb_mac_header(skb) returns skb->head + 0xffff, ~64 KiB past the buffer; the loop then reads dev->hard_header_len bytes out of bounds into the kernel log. This is reachable via the netdev logger: nf_log_unknown_packet() calls dump_mac_header() unconditionally, and an skb sent through AF_PACKET with PACKET_QDISC_BYPASS reaches the egress hook with mac_header still unset (__dev_queue_xmit(), which would reset it, is bypassed). Add the skb_mac_header_was_set() check the ARPHRD_ETHER path already uses, and replace the open-coded MAC header length test with skb_mac_header_len(). Only skbs with an unset MAC header are affected; valid ones are dumped as before.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: serialize accept_q access bt_sock_poll() walks the accept queue without synchronization, while child teardown can unlink the same socket and drop its last reference. The unsynchronized accept queue walk has existed since the initial Bluetooth import. Protect accept_q with a dedicated lock for queue updates and polling. Also rework bt_accept_dequeue() to take temporary child references under the queue lock before dropping it and locking the child socket. A race condition exists in the handling of the `accept_q` within the `bt_sock_poll()` function due to a lack of synchronization. This could allow a local attacker to cause a denial of service by manipulating socket operations during child teardown, leading to system instability. Red Hat severity: Moderate — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-820. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6. Red Hat does not currently list a fixing RHSA for this CVE.
fix signed comparison in io_poll_get_ownership(). Red Hat rates this moderate (CVSS 7). Weakness: CWE-1024.
do not reuse an in-progress partial send. Red Hat rates this moderate (CVSS 7). Weakness: CWE-125.
hold bridge skb->dev while queued. Red Hat rates this moderate (CVSS 7). Weakness: CWE-911.
fix strict mode inbound policy matching. Red Hat rates this moderate (CVSS 7). Weakness: CWE-551.
reject stale associations in dump_one path. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
zero the whole vnet header in tun_put_user(). Red Hat rates this moderate (CVSS 7). Weakness: CWE-909.
safepath symlink following in virt-handler enables notify socket hijacking and node-level VM disruption. Red Hat rates this moderate (CVSS 7.3). Weakness: CWE-61.
Validate node_id in arena_alloc_pages(). Red Hat rates this moderate (CVSS 7). Weakness: CWE-839.
add some missing log locking. Red Hat rates this moderate (CVSS 7). Weakness: CWE-414.
dm cache policy smq: fix missing locks in invalidating cache blocks. Red Hat rates this moderate (CVSS 7). Weakness: CWE-414.
fix use-after-free in advance_sched() on schedule switch. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
require CAP_NET_ADMIN in target netns for unattached ioctls. Red Hat rates this moderate (CVSS 7). Weakness: CWE-266.