VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
fix missing zerocopy reference in pskb_carve helpers. Red Hat rates this important (CVSS 7.8). Weakness: CWE-911.
fix UAF with retry loop. Red Hat rates this important (CVSS 7). Weakness: CWE-825.
handle empty bo and UAF races. Red Hat rates this important (CVSS 7). Weakness: CWE-476.
Fix WARN_ON in __iommu_group_set_domain_nofail() due to reset. Red Hat rates this important (CVSS 7). Weakness: CWE-825.
Reject wrapped offset in kvm_reset_dirty_gfn(). Red Hat rates this important (CVSS 7). Weakness: CWE-190.
af_alg - Cap AEAD AD length to 0x80000000. Red Hat rates this important (CVSS 7). Weakness: CWE-190.
Drop CLONE_THREAD requirement for private default hash alloc. Red Hat rates this important (CVSS 7). Weakness: CWE-825.
Fix error cleanup in xe_exec_queue_create_ioctl(). Red Hat rates this important (CVSS 7). Weakness: CWE-825.
avoid double drm_exec_fini() in userq validate. Red Hat rates this important (CVSS 7). Weakness: CWE-1341.
propagate nvmet_tcp_build_pdu_iovec() errors to its callers. Red Hat rates this important (CVSS 7). Weakness: CWE-390.
fix race between file release and pressure write. Red Hat rates this important (CVSS 7). Weakness: CWE-367.
fix double-free in tipc_buf_append(). Red Hat rates this important (CVSS 7). Weakness: CWE-763.
use kfree_rcu to release ops. Red Hat rates this important (CVSS 7). Weakness: CWE-763.
remove sprintf usage. Red Hat rates this important (CVSS 7). Weakness: CWE-787.
fix possible UAF in icmpv6_rcv(). Red Hat rates this important (CVSS 7). Weakness: CWE-825.
fix double-free of tx_buf skb. Red Hat rates this moderate (CVSS 7). Weakness: CWE-416.
ccp - copy IV using skcipher ivsize. Red Hat rates this moderate (CVSS 7). Weakness: CWE-805. Red Hat lists fixing advisory RHSA-2026:39494 with package kernel-0:5.14.0-687.25.1.el9_8, kernel-0:6.12.0-211.34.1.el10_2. Affected products named by the advisory: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 1.
Add missing chan lock in l2cap_ecred_reconf_rsp. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-416.
pull headers in qdisc_pkt_len_segs_init(). Red Hat rates this important (CVSS 7). Weakness: CWE-131.
In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user reports in combination with Cilium utilizing WireGuard as encryption underneath that k8s Pod E/W traffic to certain peer nodes fully stalled. The situation appears as follows: - Occurs very rarely but at random times under heavy networking load. - Once the issue triggers the decryption side stops working completely for that WireGuard peer, other peers keep working fine. The stall happens also for newly initiated connections towards that particular WireGuard peer. - Only the decryption side is affected, never the encryption side. - Once it triggers, it never recovers and remains in this state, the CPU/mem on that node looks normal, no leak, busy loop or crash. - bpftrace on the affected system shows that wg_prev_queue_enqueue fails, thus the MAX_QUEUED_PACKETS (1024 skbs!) for the peer's rx_queue is reached. - Also, bpftrace shows that wg_packet_rx_poll for that peer is never called again after reaching this state for that peer.