24h | 7d | 30d

Overview

  • Linux
  • Linux

04 Jul 2026
Published
06 Jul 2026
Updated

CVSS
Pending
EPSS
0.18%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs; the bug could be triggered by changing a PDE mapping from outside the guest, and then deleting a memslot. The rmap_remove() call would miss entries created after the PDE change because the GFN of the leaf SPTE does not match the GFN of the struct kvm_mmu_page. A similar hole however remains if the modified PDE points to a non-leaf page. In this case the gfn can be made to match, but the role does not match: the original large 2MB page creates a kvm_mmu_page with direct=1, while the new 4KB needs a kvm_mmu_page with direct=0. However, kvm_mmu_get_child_sp() does not compare the role, and therefore reuses the page. The next step is installing a leaf (4KB) SPTE on the new path which records an rmap entry under the gfn resolved by the walk. But when that child is zapped its parent kvm_mmu_page has direct=1 and kvm_mmu_page_get_gfn() computes the gfn for the 4KB page as sp->gfn + index instead of using sp->shadowed_translation[] (or sp->gfns[] in older kernels). It therefore fails to remove the recorded entry. When the memslot is dropped the shadow page is freed but the rmap entry survives, as in the scenario that was already fixed. Code that later walks that gfn (dirty logging, MMU notifier invalidation, and so on) dereferences an sptep that lies in the freed page, causing the use-after-free.

Statistics

  • 24 Posts
  • 76 Interactions

Last activity: Last hour

Fediverse

Profile picture fallback

Oh, goodie. KVM Guest-to-Host escape

"Januscape (CVE-2026-53359)" -- github.com/V4bel/Januscape

openwall.com/lists/oss-securit

  • 24
  • 13
  • 0
  • 23h ago
Profile picture fallback

*sigh*

CVE-2026-53359: Guest-to-Host Escape in KVM/x86

Workaround: disable nested virtualization (kvm_intel.nested=0 / kvm_amd.nested=0 boot/module parameters)

github.com/V4bel/Januscape

  • 4
  • 9
  • 0
  • 6h ago
Profile picture fallback

MT @v4bel@x.com
💥 Introducing "Januscape" (CVE-2026-53359)

A Guest-to-Host Escape in KVM/x86 exploiting a UAF in the shadow MMU. Triggerable on both Intel and AMD hosts. Threatens x86 public clouds (GCP, AWS) that expose nested virtualization.

"16 years" latent. Successfully used as a 0-day exploit in "Google kvmCTF".

To the best of public knowledge, the first KVM exploit research triggerable on both Intel and AMD.

Details: januscape.io

#infosec #januscape #kvm

  • 3
  • 1
  • 0
  • 15h ago
Profile picture fallback

Tschu Tschu KVM and Cloud Provider Good Luck have fun patching!

github.com/V4bel/Januscape

#Januscape #CVE-2026-53359 #CVE202653359

  • 2
  • 1
  • 0
  • 23h ago
Profile picture fallback

@Viss @ai6yr "CVE-2026-53359: Guest-to-Host Escape in KVM/x86" chaos.social/@equinox/11687816

  • 1
  • 2
  • 0
  • 5h ago
Profile picture fallback

‼️ New Dark Web Informer Blog Post!

Title: A Long-Lived KVM Bug Resurfaces: Shadow Paging Use-After-Free in the Linux Kernel (CVE-2026-53359)

Link: darkwebinformer.com/a-long-liv

  • 0
  • 2
  • 0
  • 23h ago
Profile picture fallback

Researchers disclosed a PoC for the Januscape KVM escape (CVE-2026-53359). This use-after-free KVM bug impacts public clouds, allowing host panics and LPE.

securityonline.info/januscape-

  • 0
  • 0
  • 0
  • 23h ago
Profile picture fallback

Januscape (CVE-2026-53359): A Silent 16-Year Linux KVM Flaw That Can Collapse Cloud Hosts From Inside a Guest Machine + Video

Introduction: A Hidden Crack Inside the Virtualization Core of Linux A newly disclosed vulnerability in the Linux Kernel-based Virtual Machine (KVM) subsystem has shaken the virtualization security landscape. Named Januscape (CVE-2026-53359), the flaw allows a malicious virtual machine to trigger a use-after-free condition inside the host’s…

undercodenews.com/januscape-cv

  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback

⚠️ CRITICAL: 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

A 16-year-old use-after-free vulnerability in Linux KVM (CVE-2026-53359) allows guest VMs to escape to the host kernel and potentially achieve full code execution on Intel and AMD x86 systems. Exploitation requires root inside the guest and nested virtualization enabled. An unreleased exploit repor…

threatnoir.com/focus

  • 0
  • 0
  • 0
  • 16h ago
Profile picture fallback

Januscape (CVE-2026-53359): The 16-Year-Old KVM Bug That Lets a Guest VM Take Down Its Host

CVE-2026-53359, dubbed Januscape, is a 16-year-old KVM use-after-free letting guest VMs crash or escalate into the host. Here's the full technical breakdown

thecybersecguru.com/news/cve-2

  • 0
  • 0
  • 0
  • 13h ago
Profile picture fallback

Januscape Exposes a 16-Year Linux KVM Flaw, Researchers Reveal Critical Guest-to-Host Escape Threat for Cloud Infrastructure + Video

Introduction: A Hidden Vulnerability That Lived Inside Linux for Sixteen Years One of the most significant Linux virtualization vulnerabilities ever discovered has finally come to light. Security researcher Hyunwoo Kim has uncovered Januscape (CVE-2026-53359), a dangerous use-after-free vulnerability buried inside Linux's Kernel-based…

undercodenews.com/januscape-ex

  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback

The Januscape vulnerability (CVE-2026-53359) in the Linux KVM hypervisor allows attackers to execute a VM escape, enabling code execution on both Intel and AMD host systems. This use-after-free flaw can be exploited by an attacker with guest root access to achieve full host compromise or cause a denial-of-service.
securityweek.com/linux-kernel-

  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback

We have patched kernels ready for testing for two Linux kernel vulnerabilities: Januscape (CVE-2026-53359) and Bad Epoll (CVE-2026-46242).

Januscape affects every supported AlmaLinux release (8, 9, and 10). Bad Epoll affects AlmaLinux 9 and 10.

Learn more: almalinux.org/blog/2026-07-06-

  • 5
  • 2
  • 0
  • 18h ago

Bluesky

Profile picture fallback
Linux Kernelの脆弱性(Januscape: CVE-2026-53359) #security #vulnerability #セキュリティ #脆弱性 #linux #kernel #kvm security.sios.jp/vulnerabilit...
  • 0
  • 2
  • 0
  • 16h ago
Profile picture fallback
Linux kernel flaw CVE-2026-53359, nicknamed Januscape, can let attackers escape KVM VMs and execute code on the host. The shadow MMU bug threatens public clouds and nested virtualization. #Januscape #KVM #IntelAMD
  • 0
  • 1
  • 0
  • 3h ago
Profile picture fallback
Januscape: Guest-to-Host Escape in KVM/x86 github.com -> CVE-2026-53359 Original->
  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback
Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359] https://github.com/V4bel/Januscape https://news.ycombinator.com/item?id=48807908
  • 0
  • 0
  • 1
  • 8h ago
Profile picture fallback
CVE-2026-53359 (Januscape) is a KVM shadow MMU use-after-free that enables guest-to-host VM escape and host compromise on Intel and AMD.
  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback
🚨 #ALERTA: | CVE-2026-53359 "#Januscape" y el Escapismo de VM en KVM | Vulnerabilidad 16 años en Linux | La #vulnerabilidad en #Linux KVM que permite el escape de VM. Guía de mitigación y seguridad crítica. www.newstecnicas.com/2026/07/aler...
  • 0
  • 0
  • 0
  • 3h ago
Profile picture fallback
O CVE-2026-53359 (Januscape) permite escape de VM para host no KVM/x86. Falha ativa há 16 anos. Atualize seu kernel Fedora 43 para 7.1.3 agora. Saiba mais: -> tinyurl.com/2c4utfd6
  • 0
  • 0
  • 0
  • 2h ago
Profile picture fallback
Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD.
  • 0
  • 0
  • 0
  • 1h ago
Profile picture fallback
🔒 Sysadmins: A atualização crítica do #Fedora 43 para kernel-headers 7.1.3 já está disponível! Corrige o CVE-2026-53359 (Januscape) — um UAF no KVM que permite VM escape após 16 anos dormentes. Saiba mais: -> tinyurl.com/yn2njpwk
  • 0
  • 0
  • 0
  • Last hour
Profile picture fallback
We have patched kernels ready for testing for two Linux kernel vulnerabilities: Januscape (CVE-2026-53359) and Bad Epoll (CVE-2026-46242). Learn more and help with testing: https://almalinux.org/blog/2026-07-06-januscape-bad-epoll/?utm_medium=social&utm_source=bluesky
  • 1
  • 3
  • 0
  • 15h ago

Overview

  • Adobe
  • ColdFusion

30 Jun 2026
Published
01 Jul 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
1.02%

KEV

Description

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Statistics

  • 6 Posts
  • 1 Interaction

Last activity: Last hour

Fediverse

Profile picture fallback

‼️ New Dark Web Informer Blog Post!

Title: Adobe ColdFusion flaw CVE-2026-48282 is now being Exploited in the Wild

Link: darkwebinformer.com/adobe-cold

  • 0
  • 1
  • 0
  • 20h ago
Profile picture fallback

"Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel.“

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback

Geopolitical: The NATO Summit commenced in Ankara on July 7, addressing defense spending and new air power deals. Ukraine executed long-range drone strikes on Russia's Omsk refinery on July 7. Cybersecurity: A critical Adobe ColdFusion vulnerability (CVE-2026-48282) is being actively exploited. A Linux 'Bad Epoll' root exploit (CVE-2026-46242) has also been publicly released. Technology: The UN Global Dialogue on AI Governance started July 6 in Geneva. Microsoft announced 4,800 job cuts, notably affecting its Xbox division, on July 6.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Profile picture fallback
Hackers Begin Exploiting Critical Adobe ColdFusion Flaw Just Hours After Patch Release Cybersecurity researchers have confirmed that attackers are actively exploiting a critical vulnerability in Adobe ColdFusion, tracked as CVE-2026-48282, only hours after Adobe released security updates.
  • 0
  • 0
  • 0
  • 16h ago
Profile picture fallback
Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282) 🔗 Read more: www.helpnetsecurity.com/2026/07/07/a... #cybersecurity #cybersecuritynews #exploit #vulnerability #PoC @adobe.com @ccbelgium.bsky.social @shadowserver.bsky.social
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
Threat actors are exploiting a max-severity Adobe ColdFusion path traversal flaw (CVE-2026-48282) within two hours of disclosure, enabling arbitrary code execution.
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Linux
  • Linux

30 May 2026
Published
04 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.12%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_lock but then kept using @file inside the critical section (is_file_epoll(), hlist_del_rcu() through the head, spin_unlock). A concurrent __fput() taking the eventpoll_release() fastpath in that window observed the transient NULL, skipped eventpoll_release_file() and ran to f_op->release / file_free(). For the epoll-watches-epoll case, f_op->release is ep_eventpoll_release() -> ep_clear_and_put() -> ep_free(), which kfree()s the watched struct eventpoll. Its embedded ->refs hlist_head is exactly where epi->fllink.pprev points, so the subsequent hlist_del_rcu()'s "*pprev = next" scribbles into freed kmalloc-192 memory. In addition, struct file is SLAB_TYPESAFE_BY_RCU, so the slot backing @file could be recycled by alloc_empty_file() -- reinitializing f_lock and f_ep -- while ep_remove() is still nominally inside that lock. The upshot is an attacker-controllable kmem_cache_free() against the wrong slab cache. Pin @file via epi_fget() at the top of ep_remove() and gate the critical section on the pin succeeding. With the pin held @file cannot reach refcount zero, which holds __fput() off and transitively keeps the watched struct eventpoll alive across the hlist_del_rcu() and the f_lock use, closing both UAFs. If the pin fails @file has already reached refcount zero and its __fput() is in flight. Because we bailed before clearing f_ep, that path takes the eventpoll_release() slow path into eventpoll_release_file() and blocks on ep->mtx until the waiter side's ep_clear_and_put() drops it. The bailed epi's share of ep->refcount stays intact, so the trailing ep_refcount_dec_and_test() in ep_clear_and_put() cannot free the eventpoll out from under eventpoll_release_file(); the orphaned epi is then cleaned up there. A successful pin also proves we are not racing eventpoll_release_file() on this epi, so drop the now-redundant re-check of epi->dying under f_lock. The cheap lockless READ_ONCE(epi->dying) fast-path bailout stays.

Statistics

  • 6 Posts
  • 13 Interactions

Last activity: Last hour

Fediverse

Profile picture fallback

The new Linux kernel threat that outsmarted AI: Bad Epoll! 🚨

Discover the deep technical mechanics of CVE-2026-46242, how it escapes Chrome's sandbox to gain root, and its critical impact on Android/Linux systems. 👇

🔗 denizhalil.com/2026/07/06/bad-

#linux #CyberSecurity #CVE202646242

  • 1
  • 0
  • 0
  • 21h ago
Profile picture fallback
  • 1
  • 0
  • 0
  • 4h ago
Profile picture fallback

⚠️ CRITICAL: Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability

A public proof-of-concept exploit is now available for CVE-2026-46242, a race-condition use-after-free bug in the Linux kernel epoll facility that allows unprivileged local processes to escalate to root. This affects kernel versions 6.4 and newer, including Android devices. Any system running vulne…

threatnoir.com/focus

  • 0
  • 0
  • 0
  • 15h ago
Profile picture fallback

We have patched kernels ready for testing for two Linux kernel vulnerabilities: Januscape (CVE-2026-53359) and Bad Epoll (CVE-2026-46242).

Januscape affects every supported AlmaLinux release (8, 9, and 10). Bad Epoll affects AlmaLinux 9 and 10.

Learn more: almalinux.org/blog/2026-07-06-

  • 5
  • 2
  • 0
  • 18h ago
Profile picture fallback

Geopolitical: The NATO Summit commenced in Ankara on July 7, addressing defense spending and new air power deals. Ukraine executed long-range drone strikes on Russia's Omsk refinery on July 7. Cybersecurity: A critical Adobe ColdFusion vulnerability (CVE-2026-48282) is being actively exploited. A Linux 'Bad Epoll' root exploit (CVE-2026-46242) has also been publicly released. Technology: The UN Global Dialogue on AI Governance started July 6 in Geneva. Microsoft announced 4,800 job cuts, notably affecting its Xbox division, on July 6.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Profile picture fallback
We have patched kernels ready for testing for two Linux kernel vulnerabilities: Januscape (CVE-2026-53359) and Bad Epoll (CVE-2026-46242). Learn more and help with testing: https://almalinux.org/blog/2026-07-06-januscape-bad-epoll/?utm_medium=social&utm_source=bluesky
  • 1
  • 3
  • 0
  • 15h ago

Overview

  • BeyondTrust
  • Remote Support

06 Jul 2026
Published
07 Jul 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
Pending

KEV

Description

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled

Statistics

  • 5 Posts
  • 1 Interaction

Last activity: 3 hours ago

Fediverse

Profile picture fallback

‼️ New Dark Web Informer Blog Post!

Title: Pre-Auth Access-Control Bypass in BeyondTrust Remote Support and PRA (CVE-2026-40138)

Link: darkwebinformer.com/pre-auth-a

  • 0
  • 1
  • 0
  • 21h ago
Profile picture fallback

Attention, elevated activities detected targeting BeyondTrust Remote Support and Privileged Remote Access (CVE-2026-40138) vuldb.com/vuln/376483/cti

  • 0
  • 0
  • 0
  • 3h ago
Profile picture fallback

BeyondTrust patched a critical pre-authentication vulnerability (CVE-2026-40138, CVE-2026-40139, CVE-2026-40140). Update Remote Support instances now.

securityonline.info/cve-2026-4

  • 0
  • 0
  • 0
  • 22h ago

Bluesky

Profile picture fallback
BeyondTrust disclosed four pre-authentication vulnerabilities in its Remote Support (RS) and Privileged Remote Access (PRA) products. Two critical flaws (CVE-2026-40138 […]
  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback
BeyondTrust patched critical auth-bypass flaws in Remote Support and PRA, affecting versions 25.3.2 and earlier. Two high-severity bugs were also fixed, after prior issues hit US government systems. #BeyondTrust #US #CVE202640138
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • langflow-ai
  • langflow

07 Apr 2025
Published
23 Jun 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
99.97%

Description

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Statistics

  • 3 Posts
  • 4 Interactions

Last activity: 15 hours ago

Fediverse

Profile picture fallback

"Ransomware has had a human at the keyboard, or at least a human writing its script, since it was first established as a category of threat. The Sysdig Threat Research Team (TRT) has captured what we assess to be the first documented case of agentic ransomware: a complete extortion operation driven end-to-end by a large language model (LLM).

This operator, which we have dubbed JADEPUFFER, gained initial access to an internet-facing Langflow instance through CVE-2025-3248 and ran an adaptive and fully automated campaign, ultimately pivoting to the intended target and running a destructive database-extortion playbook against the victim's production database server. JADEPUFFER is considered an agentic threat actor (ATA), or an operator whose attack capability is delivered by an AI agent rather than a human-driven toolkit.

The most striking characteristic, however, was the LLM's behavior. JADEPUFFER's own payloads were self-narrating. They contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don’t often write but LLM-generated code produces reflexively. The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds.

The research below examines the Sysdig TRT’s observations of JADEPUFFER, along with its indicators of compromise and recommended defensive actions."

sysdig.com/blog/jadepuffer-age

#AI #AiAgents #AgenticAI #CyberSecurity #LLMs #Ransomware #Jadepuffer

  • 2
  • 0
  • 0
  • 16h ago
Profile picture fallback

We're here! AI Agent executed automated Ransomware operation.

JadePuffer used an autonomous AI agent for reconnaissance on the target, to steal credentials, move laterally, establish persistence, escalate privileges, and to encrypt data.

WHOA! “The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds,”

bleepingcomputer.com/news/secu

NIST CVE (CVE-2025-3248) posted here: nvd.nist.gov/vuln/detail/CVE-2 #JadePuffer #Ransomware #Security #Hackers #NIST_CVE #CVE2025_3248 #AgenticThreatActors #AI #AIAgents #CyberAttack #CyberSecurity #LLMs #MySQL #PostgreSQL #CVE #JadePuffer

  • 1
  • 1
  • 0
  • 23h ago
Profile picture fallback

⚠️ CRITICAL: Sysdig clocks first documented case of agentic ransomware

JadePuffer deployed the first documented end-to-end agentic ransomware attack in June 2026, using AI agents to autonomously conduct reconnaissance, steal credentials, move laterally, and encrypt systems. The attack exploited CVE-2025-3248 in Langflow and targeted MySQL and Alibaba Nacos instances.…

threatnoir.com/focus

  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Tenda
  • firmware

06 Jul 2026
Published
06 Jul 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key). - After normal authentication fails, it calls GetValue("sys.rzadmin.password") to read a backdoor password from the device configuration. - It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password. A successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked — any username works with the backdoor

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 1 hour ago

Fediverse

Profile picture fallback

‼️ New Dark Web Informer Blog Post!

Title: When the Password Check Fails, You're In: The Hidden Admin Backdoor in Tenda Router Firmware (CVE-2026-11405)

Link: darkwebinformer.com/when-the-p

  • 0
  • 1
  • 0
  • 1h ago
Profile picture fallback

CVE-2026-11405 is a Tenda authentication backdoor. It allows full administrative access without valid credentials. Protect your network with these steps.

securityonline.info/cve-2026-1

  • 0
  • 0
  • 0
  • 12h ago

Bluesky

Profile picture fallback
Undocumented firmware backdoor bypasses password checks, granting full admin access to Tenda web management interfaces via CVE-2026-11405.
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Linux
  • Linux

08 May 2026
Published
11 May 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.16%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bond_setup_by_slave() kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI RIP: 0010:pskb_expand_head+0xa08/0xfe0 net/core/skbuff.c:2306 RSP: 0018:ffffc90004aff760 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff88807e3c8780 RCX: ffffffff89593e0e RDX: ffff88807b7c4900 RSI: ffffffff89594747 RDI: ffff88807b7c4900 RBP: 0000000000000820 R08: 0000000000000005 R09: 0000000000000000 R10: 00000000961a63e0 R11: 0000000000000000 R12: ffff88807e3c8780 R13: 00000000961a6560 R14: dffffc0000000000 R15: 00000000961a63e0 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe1a0ed8df0 CR3: 000000002d816000 CR4: 00000000003526f0 Call Trace: <TASK> ipgre_header+0xdd/0x540 net/ipv4/ip_gre.c:900 dev_hard_header include/linux/netdevice.h:3439 [inline] packet_snd net/packet/af_packet.c:3028 [inline] packet_sendmsg+0x3ae5/0x53c0 net/packet/af_packet.c:3108 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0xa54/0xc30 net/socket.c:2592 ___sys_sendmsg+0x190/0x1e0 net/socket.c:2646 __sys_sendmsg+0x170/0x220 net/socket.c:2678 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fe1a0e6c1a9 When a non-Ethernet device (e.g. GRE tunnel) is enslaved to a bond, bond_setup_by_slave() directly copies the slave's header_ops to the bond device: bond_dev->header_ops = slave_dev->header_ops; This causes a type confusion when dev_hard_header() is later called on the bond device. Functions like ipgre_header(), ip6gre_header(),all use netdev_priv(dev) to access their device-specific private data. When called with the bond device, netdev_priv() returns the bond's private data (struct bonding) instead of the expected type (e.g. struct ip_tunnel), leading to garbage values being read and kernel crashes. Fix this by introducing bond_header_ops with wrapper functions that delegate to the active slave's header_ops using the slave's own device. This ensures netdev_priv() in the slave's header functions always receives the correct device. The fix is placed in the bonding driver rather than individual device drivers, as the root cause is bond blindly inheriting header_ops from the slave without considering that these callbacks expect a specific netdev_priv() layout. The type confusion can be observed by adding a printk in ipgre_header() and running the following commands: ip link add dummy0 type dummy ip addr add 10.0.0.1/24 dev dummy0 ip link set dummy0 up ip link add gre1 type gre local 10.0.0.1 ip link add bond1 type bond mode active-backup ip link set gre1 master bond1 ip link set gre1 up ip link set bond1 up ip addr add fe80::1/64 dev bond1

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 6 hours ago

Bluesky

Profile picture fallback
Reporting a 19+ Years Hidden Linux Kernel Zero-Day for Google kernelCTF: CVE-2026-43456 https://lobste.rs/s/txjns0 #security #linux #networking
  • 0
  • 2
  • 0
  • 6h ago
Profile picture fallback
19年以上見過ごされていたLinux kernelのゼロデイ脆弱性を報告した話:CVE-2026-43456 | セキュリティブログ | 脆弱性診断(セキュリティ診断)のGMOサイバーセキュリティ byイエラエ gmo-cybersecurity.com/blog/19-year...
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

22 May 2026
Published
02 Jul 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
3.22%

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Statistics

  • 2 Posts

Last activity: 17 hours ago

Bluesky

Profile picture fallback
CISA、SharePoint Serverの脆弱性 CVE-2026-45659をサイバー攻撃への悪用実績ありとしてKEVに追加 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
🚨 Guía de remediación urgente: #Vulnerabilidad RCE en #SharePoint (CVE-2026-45659) www.newstecnicas.com/2026/05/guia...
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Gitea
  • Gitea Open Source Git Server

03 Jul 2026
Published
05 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.78%

KEV

Description

Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Bluesky

Profile picture fallback
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure reconbee.com/threat-actor... #cyberthreats #Giteadockerflaw #probe #cybersecurity #cyberattack
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • python-pillow
  • Pillow

06 Jul 2026
Published
07 Jul 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving. This issue is fixed in version 12.3.0.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 11 hours ago

Fediverse

Profile picture fallback

CVE-2026-54060 - Supply chain attack in Pillow Python imaging library. FontFile.compile() bypasses decompression bomb check, enabling excessive memory allocation. CVSS 7.5. Update to Pillow 12.3.0 immediately. #CVE #infosec #Python

valtersit.com/cve/CVE-2026-540

  • 2
  • 0
  • 0
  • 11h ago
Showing 1 to 10 of 41 CVEs