24h | 7d | 30d

Overview

  • Linux
  • Linux

08 May 2026
Published
11 May 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.16%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bond_setup_by_slave() kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI RIP: 0010:pskb_expand_head+0xa08/0xfe0 net/core/skbuff.c:2306 RSP: 0018:ffffc90004aff760 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff88807e3c8780 RCX: ffffffff89593e0e RDX: ffff88807b7c4900 RSI: ffffffff89594747 RDI: ffff88807b7c4900 RBP: 0000000000000820 R08: 0000000000000005 R09: 0000000000000000 R10: 00000000961a63e0 R11: 0000000000000000 R12: ffff88807e3c8780 R13: 00000000961a6560 R14: dffffc0000000000 R15: 00000000961a63e0 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe1a0ed8df0 CR3: 000000002d816000 CR4: 00000000003526f0 Call Trace: <TASK> ipgre_header+0xdd/0x540 net/ipv4/ip_gre.c:900 dev_hard_header include/linux/netdevice.h:3439 [inline] packet_snd net/packet/af_packet.c:3028 [inline] packet_sendmsg+0x3ae5/0x53c0 net/packet/af_packet.c:3108 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0xa54/0xc30 net/socket.c:2592 ___sys_sendmsg+0x190/0x1e0 net/socket.c:2646 __sys_sendmsg+0x170/0x220 net/socket.c:2678 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fe1a0e6c1a9 When a non-Ethernet device (e.g. GRE tunnel) is enslaved to a bond, bond_setup_by_slave() directly copies the slave's header_ops to the bond device: bond_dev->header_ops = slave_dev->header_ops; This causes a type confusion when dev_hard_header() is later called on the bond device. Functions like ipgre_header(), ip6gre_header(),all use netdev_priv(dev) to access their device-specific private data. When called with the bond device, netdev_priv() returns the bond's private data (struct bonding) instead of the expected type (e.g. struct ip_tunnel), leading to garbage values being read and kernel crashes. Fix this by introducing bond_header_ops with wrapper functions that delegate to the active slave's header_ops using the slave's own device. This ensures netdev_priv() in the slave's header functions always receives the correct device. The fix is placed in the bonding driver rather than individual device drivers, as the root cause is bond blindly inheriting header_ops from the slave without considering that these callbacks expect a specific netdev_priv() layout. The type confusion can be observed by adding a printk in ipgre_header() and running the following commands: ip link add dummy0 type dummy ip addr add 10.0.0.1/24 dev dummy0 ip link set dummy0 up ip link add gre1 type gre local 10.0.0.1 ip link add bond1 type bond mode active-backup ip link set gre1 master bond1 ip link set gre1 up ip link set bond1 up ip addr add fe80::1/64 dev bond1

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

Profile picture fallback

Unearthing a 19-Year-Old Linux Kernel Zero-Day: The Deep Dive into CVE-2026-43456

Learn how CVE-2026-43456, a 19-year-old Linux kernel zero-day, enables privilege escalation through a bonding driver type confusion vulnerability

thecybersecguru.com/exploits/c

  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback

19年以上見過ごされていたLinux kernelのゼロデイ脆弱性を報告した話:CVE-2026-43456 | セキュリティブログ | 脆弱性診断(セキュリティ診断)のGMOサイバーセキュリティ byイエラエ gmo-cybersecurity.com/blog/19-

  • 0
  • 0
  • 0
  • 10h ago

Bluesky

Profile picture fallback
CISA highlights the active exploitation of Linux kernel zero-day CVE-2026-43456, a vulnerability allowing privilege escalation to root. It affects multiple versions and is in CISA's KEV catalog. Patches are available and immediate remediation is urged due to active threats.
  • 0
  • 1
  • 0
  • 6h ago
Profile picture fallback
Linux kernel CVE-2026-43456: bonding driver type confusion, affected kernels, and patch status
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Linux
  • Linux

30 May 2026
Published
04 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.12%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_lock but then kept using @file inside the critical section (is_file_epoll(), hlist_del_rcu() through the head, spin_unlock). A concurrent __fput() taking the eventpoll_release() fastpath in that window observed the transient NULL, skipped eventpoll_release_file() and ran to f_op->release / file_free(). For the epoll-watches-epoll case, f_op->release is ep_eventpoll_release() -> ep_clear_and_put() -> ep_free(), which kfree()s the watched struct eventpoll. Its embedded ->refs hlist_head is exactly where epi->fllink.pprev points, so the subsequent hlist_del_rcu()'s "*pprev = next" scribbles into freed kmalloc-192 memory. In addition, struct file is SLAB_TYPESAFE_BY_RCU, so the slot backing @file could be recycled by alloc_empty_file() -- reinitializing f_lock and f_ep -- while ep_remove() is still nominally inside that lock. The upshot is an attacker-controllable kmem_cache_free() against the wrong slab cache. Pin @file via epi_fget() at the top of ep_remove() and gate the critical section on the pin succeeding. With the pin held @file cannot reach refcount zero, which holds __fput() off and transitively keeps the watched struct eventpoll alive across the hlist_del_rcu() and the f_lock use, closing both UAFs. If the pin fails @file has already reached refcount zero and its __fput() is in flight. Because we bailed before clearing f_ep, that path takes the eventpoll_release() slow path into eventpoll_release_file() and blocks on ep->mtx until the waiter side's ep_clear_and_put() drops it. The bailed epi's share of ep->refcount stays intact, so the trailing ep_refcount_dec_and_test() in ep_clear_and_put() cannot free the eventpoll out from under eventpoll_release_file(); the orphaned epi is then cleaned up there. A successful pin also proves we are not racing eventpoll_release_file() on this epi, so drop the now-redundant re-check of epi->dying under f_lock. The cheap lockless READ_ONCE(epi->dying) fast-path bailout stays.

Statistics

  • 4 Posts

Last activity: Last hour

Fediverse

Profile picture fallback

Bad Epoll: Inside CVE-2026-46242, the Race Condition an AI Model Read Right Past

Learn how Bad Epoll (CVE-2026-46242) enables Linux root access through an epoll race condition, why AI missed it, exploit details, impact, and mitigation

thecybersecguru.com/exploits/c

  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback

Here's a summary of the latest geopolitical, technology, and cybersecurity news:

Geopolitics: Russian President Putin and U.S. President Trump held a 90-minute call on July 4th. Russia claims to have captured Kostyantynivka in eastern Donetsk, Ukraine.
Technology: Grok 4.5 has entered private beta at SpaceX/Tesla. Meta plans to rent out its AI computing power. Micron is expanding high-bandwidth memory (HBM) production in Japan. Five Eyes alliance warns AI-fueled cyberattacks are "months away."
Cybersecurity: A critical "Bad Epoll" Linux kernel flaw (CVE-2026-46242) allows root access on Linux/Android. AI-automated JadePuffer ransomware has been detected. Lazarus Group is pushing 108 malicious packages.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Profile picture fallback
Bad Epoll (CVE-2026-46242): The 6-Instruction Race Condition That Grants Root Access on Linux and Android + Video Introduction: A newly disclosed Linux kernel flaw dubbed "Bad Epoll" (CVE-2026-46242) allows an unprivileged local user to escalate to root on Linux servers, desktops, and Android…
  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback
Linux Kernel: Critical Local Privilege Escalation via Bad Epoll CVE-2026-46242 https://simplysecuregroup.com/new-bad-epoll-0-day-vulnerability-allows-root-access-on-linux-servers-and-android-devices https://flagthis.com/tldr/4789 ##LinuxKernel ##LPE ##Android ##VulnerabilityResearch ##CVE202646242
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Linux
  • Linux

23 May 2026
Published
03 Jul 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.14%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when moving frags from source to destination. __pskb_copy_fclone() defers the rest of the shinfo metadata to skb_copy_header() after copying frag descriptors, but that helper only carries over gso_{size,segs, type} and never touches skb_shinfo()->flags; skb_shift() moves frag descriptors directly and leaves flags untouched. As a result, the destination skb keeps a reference to the same externally-owned or page-cache-backed pages while reporting skb_has_shared_frag() as false. The mismatch is harmful in any in-place writer that uses skb_has_shared_frag() to decide whether shared pages must be detoured through skb_cow_data(). ESP input is one such writer (esp4.c, esp6.c), and a single nft 'dup to <local>' rule -- or any other nf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()'d skb in esp_input() with the marker stripped, letting an unprivileged user write into the page cache of a root-owned read-only file via authencesn-ESN stray writes. Set SKBFL_SHARED_FRAG on the destination whenever frag descriptors were actually moved from the source. skb_copy() and skb_copy_expand() share skb_copy_header() too but linearize all paged data into freshly allocated head storage and emerge with nr_frags == 0, so skb_has_shared_frag() returns false on its own; they need no change. The same omission exists in skb_gro_receive() and skb_gro_receive_list(). The former moves the incoming skb's frag descriptors into the accumulator's last sub-skb via two paths (a direct frag-move loop and the head_frag + memcpy path); the latter chains the incoming skb whole onto p's frag_list. Downstream skb_segment() reads only skb_shinfo(p)->flags, and skb_segment_list() reuses each sub-skb's shinfo as the nskb -- both p and lp must carry the marker. The same omission also exists in tcp_clone_payload(), which builds an MTU probe skb by moving frag descriptors from skbs on sk_write_queue into a freshly allocated nskb. The helper falls into the same family and warrants the same fix for consistency; no TCP TX-side in-place writer is currently known to reach a user page through this gap, but a future consumer depending on the marker would regress silently. The same omission exists in skb_segment(): the per-iteration flag merge takes only head_skb's flag, and the inner switch that rebinds frag_skb to list_skb on head_skb-frags exhaustion does not fold the new frag_skb's flag into nskb. Fold frag_skb's flag at both sites so segments drawing frags from frag_list members carry the marker.

Statistics

  • 2 Posts
  • 10 Interactions

Last activity: 2 hours ago

Bluesky

Profile picture fallback
Dissecting and Exploiting Linux LPE Variant: DirtyClone (CVE-2026-43503): research.jfrog.com/post/dissect... #cve #linux #cybersecurity #informationsecurity #exploitation #vulnerability
  • 0
  • 1
  • 0
  • 2h ago

Overview

  • SimpleHelp
  • SimpleHelp

12 Jun 2026
Published
30 Jun 2026
Updated

CVSS v4.0
CRITICAL (9.5)
EPSS
1.16%

Description

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Fediverse

Profile picture fallback

« The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems. »
darkreading.com/cyberattacks-d

  • 1
  • 0
  • 0
  • 18h ago

Overview

  • exo-explore
  • exo

05 Jul 2026
Published
05 Jul 2026
Updated

CVSS v4.0
MEDIUM (6.3)
EPSS
Pending

KEV

Description

A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

Profile picture fallback

CVE-2026-14738 (MEDIUM, CVSS 6.3) impacts exo-explore exo ≤1.0.71. Weak hash in Vision Feature Cache, remote exploit released, high complexity. Patch pending. Review deployments & monitor for updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Microsoft
  • Microsoft Exchange Server 2016 Cumulative Update 23

09 Jun 2026
Published
01 Jul 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.46%

KEV

Description

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Profile picture fallback
CVE-2026-45504: The 88 CVSS Exchange SSRF Vulnerability That Lets Any Low-Privilege User Steal Your Server Files – Public PoC Now Available + Video Introduction: Microsoft Exchange Server, the backbone of enterprise email and collaboration for countless organizations, is once again in the…
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • mjperpinosa
  • stumasy

05 Jul 2026
Published
05 Jul 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
Pending

KEV

Description

A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notes_controller::search_scratch_data of the file application/PHP/objects/notes/search_scratch_data.php. This manipulation of the argument field_name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

Profile picture fallback

SQL injection (MEDIUM, CVE-2026-14751) in mjperpinosa stumasy: All versions at risk via Notes_controller::search_scratch_data. No patch yet, public exploit exists. Sanitize field_name & restrict access. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

22 May 2026
Published
02 Jul 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
3.22%

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Statistics

  • 2 Posts

Last activity: 6 hours ago

Fediverse

Profile picture fallback

Geopolitical: US-Iran talks paused for funeral (July 4-5, 2026). Ukraine's Zelenskiy and Trump discussed the Russia-Ukraine war.

Technology: SK Telecom plans a 15GW AI data center in Asia (July 5, 2026). OpenAI reportedly eyes US government equity.

Cybersecurity: CISA urged patching an actively exploited SharePoint RCE (CVE-2026-45659) by July 4, 2026. Ransomware attacks typically spike during US holidays. A Homeland Security network (HSIN) breach was reported.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback

Here's a brief on recent geopolitical, technology, and cybersecurity developments:

Geopolitically, Russia claims control of Kostyantynivka in Ukraine, and Presidents Putin and Trump discussed Ukraine ahead of the upcoming NATO summit. In technology, Amazon launched its satellite internet service to compete with Starlink, and Alibaba banned Anthropic AI usage amidst a data dispute. Cybersecurity noted a US government entity paid $1 million in a data-theft extortion, while a critical SharePoint RCE (CVE-2026-45659) is actively exploited. AI-powered phishing and scams are also targeting the World Cup 2026.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • NetScaler
  • ADC

30 Jun 2026
Published
30 Jun 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.50%

KEV

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

Statistics

  • 2 Posts

Last activity: 4 hours ago

Fediverse

Profile picture fallback

CVE-2026-8451 hit NetScaler SAML IDP instances within hours of disclosure, unauthenticated memory leak via XML parser bug. Patch now or disable SAML IDP, no excuses left.
securityweek.com/new-citrixble

  • 0
  • 0
  • 1
  • 4h ago

Overview

  • QNAP Systems Inc.
  • QTS

10 Jun 2026
Published
12 Jun 2026
Updated

CVSS v4.0
LOW (1.2)
EPSS
0.29%

KEV

Description

QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version:

Statistics

  • 1 Post

Last activity: 4 hours ago
Showing 1 to 10 of 38 CVEs