CWE-364
AllowedSignal Handler Race Condition
Abstraction: Base · Status: Incomplete
The product uses a signal handler that introduces a race condition.
30 vulnerabilities reference this CWE, most recent first.
CVE-2019-3805 (GCVE-0-2019-3805)
Vulnerability from cvelistv5 – Published: 2019-05-03 19:25 – Updated: 2024-08-04 19:19| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2019:1107 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:1108 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:1106 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:1140 | vendor-advisoryx_refsource_REDHAT |
| https://security.netapp.com/advisory/ntap-2019051… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2019:2413 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2020:0727 | vendor-advisoryx_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805"
},
{
"name": "RHSA-2019:1107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1107"
},
{
"name": "RHSA-2019:1108",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1108"
},
{
"name": "RHSA-2019:1106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1106"
},
{
"name": "RHSA-2019:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1140"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190517-0004/"
},
{
"name": "RHSA-2019:2413",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"name": "RHSA-2020:0727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wildfly",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "affects up to 16.0.0.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-364",
"description": "CWE-364",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:06:48.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805"
},
{
"name": "RHSA-2019:1107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1107"
},
{
"name": "RHSA-2019:1108",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1108"
},
{
"name": "RHSA-2019:1106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1106"
},
{
"name": "RHSA-2019:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1140"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190517-0004/"
},
{
"name": "RHSA-2019:2413",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"name": "RHSA-2020:0727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3805",
"datePublished": "2019-05-03T19:25:28.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-2968-FMVC-R6GW
Vulnerability from github – Published: 2023-04-14 03:30 – Updated: 2024-04-04 03:27Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in Ethernet communication by sending a large number of specially crafted packets to any UDP port when GC-ENET-COM is configured as a Modbus TCP Server. The communication resumes only when the power of the main unit is turned off and on or when the GC-ENET-COM is hot-swapped from the main unit.
{
"affected": [],
"aliases": [
"CVE-2023-1285"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-14T03:15:00Z",
"severity": "MODERATE"
},
"details": "Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are \"16\" allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in Ethernet communication by sending a large number of specially crafted packets to any UDP port when GC-ENET-COM is configured as a Modbus TCP Server. The communication resumes only when the power of the main unit is turned off and on or when the GC-ENET-COM is hot-swapped from the main unit.\n",
"id": "GHSA-2968-fmvc-r6gw",
"modified": "2024-04-04T03:27:36Z",
"published": "2023-04-14T03:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1285"
},
{
"type": "WEB",
"url": "https://mitsubishielectric.in/fa/cnc-pdf/DoS_in_Ethernet_Communication_Extension_Unit_GC_ENET_COM_of_GOC35_Series.pdf"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-15"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2X8C-95VH-GFV4
Vulnerability from github – Published: 2024-07-01 15:32 – Updated: 2026-05-12 12:31A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
{
"affected": [],
"aliases": [
"CVE-2024-6387"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-01T13:15:06Z",
"severity": "HIGH"
},
"details": "A signal handler race condition was found in OpenSSH\u0027s server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd\u0027s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().",
"id": "GHSA-2x8c-95vh-gfv4",
"modified": "2026-05-12T12:31:59Z",
"published": "2024-07-01T15:32:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6387"
},
{
"type": "WEB",
"url": "https://github.com/rapier1/hpn-ssh/issues/87"
},
{
"type": "WEB",
"url": "https://github.com/oracle/oracle-linux/issues/149"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/azurelinux/issues/9555"
},
{
"type": "WEB",
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249"
},
{
"type": "WEB",
"url": "https://github.com/Azure/AKS/issues/4379"
},
{
"type": "WEB",
"url": "https://github.com/AlmaLinux/updates/issues/629"
},
{
"type": "WEB",
"url": "https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09"
},
{
"type": "WEB",
"url": "https://packetstorm.news/files/id/190587"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010"
},
{
"type": "WEB",
"url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2024-6387"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240701-0001"
},
{
"type": "WEB",
"url": "https://sig-security.rocky.page/issues/CVE-2024-6387"
},
{
"type": "WEB",
"url": "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214118"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214119"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214120"
},
{
"type": "WEB",
"url": "https://ubuntu.com/security/CVE-2024-6387"
},
{
"type": "WEB",
"url": "https://ubuntu.com/security/notices/USN-6859-1"
},
{
"type": "WEB",
"url": "https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/52269"
},
{
"type": "WEB",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc"
},
{
"type": "WEB",
"url": "https://www.openssh.com/txt/release-9.8"
},
{
"type": "WEB",
"url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"
},
{
"type": "WEB",
"url": "https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html"
},
{
"type": "WEB",
"url": "https://www.suse.com/security/cve/CVE-2024-6387.html"
},
{
"type": "WEB",
"url": "https://www.theregister.com/2024/07/01/regresshion_openssh"
},
{
"type": "WEB",
"url": "https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4312"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4340"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4389"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4469"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4474"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4479"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4484"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-6387"
},
{
"type": "WEB",
"url": "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1"
},
{
"type": "WEB",
"url": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux"
},
{
"type": "WEB",
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-446545.html"
},
{
"type": "WEB",
"url": "https://explore.alas.aws.amazon.com/CVE-2024-6387.html"
},
{
"type": "WEB",
"url": "https://forum.vmssoftware.com/viewtopic.php?f=8\u0026t=9132"
},
{
"type": "WEB",
"url": "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc"
},
{
"type": "WEB",
"url": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248"
},
{
"type": "WEB",
"url": "https://github.com/zgzhang/cve-2024-6387-poc"
},
{
"type": "WEB",
"url": "https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY"
},
{
"type": "WEB",
"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html"
},
{
"type": "WEB",
"url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html"
},
{
"type": "WEB",
"url": "https://news.ycombinator.com/item?id=40843778"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/19"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/12"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/13"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/02/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/11"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/04/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/04/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/08/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/08/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/11/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/11/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-382C-R87V-M473
Vulnerability from github – Published: 2026-05-19 06:30 – Updated: 2026-05-19 06:30in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak.
{
"affected": [],
"aliases": [
"CVE-2026-27766"
],
"database_specific": {
"cwe_ids": [
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-19T04:16:28Z",
"severity": "MODERATE"
},
"details": "in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak.",
"id": "GHSA-382c-r87v-m473",
"modified": "2026-05-19T06:30:29Z",
"published": "2026-05-19T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27766"
},
{
"type": "WEB",
"url": "https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-05.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3HP3-3R3C-HW6C
Vulnerability from github – Published: 2026-05-19 06:30 – Updated: 2026-05-19 06:30in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
{
"affected": [],
"aliases": [
"CVE-2026-33565"
],
"database_specific": {
"cwe_ids": [
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-19T04:16:31Z",
"severity": "LOW"
},
"details": "in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.",
"id": "GHSA-3hp3-3r3c-hw6c",
"modified": "2026-05-19T06:30:30Z",
"published": "2026-05-19T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33565"
},
{
"type": "WEB",
"url": "https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-05.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3RRQ-FWHX-9WQ4
Vulnerability from github – Published: 2026-03-24 15:30 – Updated: 2026-06-30 03:35Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.
{
"affected": [],
"aliases": [
"CVE-2026-4684"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-24T13:16:04Z",
"severity": "HIGH"
},
"details": "Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, and Firefox ESR \u003c 140.9.",
"id": "GHSA-3rrq-fwhx-9wq4",
"modified": "2026-06-30T03:35:58Z",
"published": "2026-03-24T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4684"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5930"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8287"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8288"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8289"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8290"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8315"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8427"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8850"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-4684"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011129"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450721"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4684.json"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-21"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5931"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5932"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6188"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6342"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6917"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7837"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7838"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7839"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7840"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7841"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7842"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7843"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7845"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7858"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8284"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8285"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8286"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4PQW-3H25-QRQ3
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-06-30 03:37In the Linux kernel, the following vulnerability has been resolved:
zram: fix use-after-free in zram_bvec_write_partial()
zram_read_page() picks the sync or async backing device read path based on whether the parent bio is NULL. zram_bvec_write_partial() passes its parent bio down, so for ZRAM_WB slots the read is dispatched asynchronously and zram_read_page() returns 0 while the bio is still in flight. The caller then runs memcpy_from_bvec(), zram_write_page() and __free_page() on the buffer, leaving the async read to write into a freed page.
zram_bvec_read_partial() was switched to NULL in commit 4e3c87b9421d ("zram: fix synchronous reads") for the same reason; the write_partial counterpart was missed.
{
"affected": [],
"aliases": [
"CVE-2026-53185"
],
"database_specific": {
"cwe_ids": [
"CWE-364",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:35Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix use-after-free in zram_bvec_write_partial()\n\nzram_read_page() picks the sync or async backing device read path based on\nwhether the parent bio is NULL. zram_bvec_write_partial() passes its\nparent bio down, so for ZRAM_WB slots the read is dispatched\nasynchronously and zram_read_page() returns 0 while the bio is still in\nflight. The caller then runs memcpy_from_bvec(), zram_write_page() and\n__free_page() on the buffer, leaving the async read to write into a freed\npage.\n\nzram_bvec_read_partial() was switched to NULL in commit 4e3c87b9421d\n(\"zram: fix synchronous reads\") for the same reason; the write_partial\ncounterpart was missed.",
"id": "GHSA-4pqw-3h25-qrq3",
"modified": "2026-06-30T03:37:13Z",
"published": "2026-06-25T09:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53185"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-53185"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492735"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c2821665ff71be3f4b07ecece384669f2877f6a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/198b5a14cca27263b9c14b20114c8092de15dfcb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/732fd9f0b9c1cdc6dfd77162ded60df005182cc0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/77a602b505ce4802915853cfc435a4722fab3e64"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c96786d6ff1acc1d54d9241e97767554c1dfdd5b"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53185.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5CH2-QVR7-76CH
Vulnerability from github – Published: 2023-11-15 15:30 – Updated: 2025-11-04 00:30In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.
{
"affected": [],
"aliases": [
"CVE-2023-5676"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-15T14:15:07Z",
"severity": "MODERATE"
},
"details": "In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.",
"id": "GHSA-5ch2-qvr7-76ch",
"modified": "2025-11-04T00:30:41Z",
"published": "2023-11-15T15:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5676"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-openj9/openj9/pull/18085"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/13"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241108-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6P7X-C5RV-9W7V
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-06-30 03:36In the Linux kernel, the following vulnerability has been resolved:
can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
isotp_sendmsg() uses only cmpxchg() on so->tx.state to serialize access to so->tx.buf. isotp_release() waits for ISOTP_IDLE via wait_event_interruptible() and then calls kfree(so->tx.buf).
If a signal interrupts the wait_event_interruptible() inside close() while tx.state is ISOTP_SENDING, the loop exits early and release proceeds to force ISOTP_SHUTDOWN and continues to kfree(so->tx.buf) while sendmsg may still be reading so->tx.buf for the final CAN frame in isotp_fill_dataframe().
The so->tx.buf can be allocated once when the standard tx.buf length needs to be extended. Move the kfree() of this potentially extended tx.buf to sk_destruct time when either isotp_sendmsg() and isotp_release() are done.
{
"affected": [],
"aliases": [
"CVE-2026-31474"
],
"database_specific": {
"cwe_ids": [
"CWE-364",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:44Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: isotp: fix tx.buf use-after-free in isotp_sendmsg()\n\nisotp_sendmsg() uses only cmpxchg() on so-\u003etx.state to serialize access\nto so-\u003etx.buf. isotp_release() waits for ISOTP_IDLE via\nwait_event_interruptible() and then calls kfree(so-\u003etx.buf).\n\nIf a signal interrupts the wait_event_interruptible() inside close()\nwhile tx.state is ISOTP_SENDING, the loop exits early and release\nproceeds to force ISOTP_SHUTDOWN and continues to kfree(so-\u003etx.buf)\nwhile sendmsg may still be reading so-\u003etx.buf for the final CAN frame\nin isotp_fill_dataframe().\n\nThe so-\u003etx.buf can be allocated once when the standard tx.buf length needs\nto be extended. Move the kfree() of this potentially extended tx.buf to\nsk_destruct time when either isotp_sendmsg() and isotp_release() are done.",
"id": "GHSA-6p7x-c5rv-9w7v",
"modified": "2026-06-30T03:36:22Z",
"published": "2026-04-22T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31474"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27288"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27731"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27789"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-31474"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460646"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e62e7051eca75a7f2e3d52d62ec10d7d7aa358c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/424e95d62110cdbc8fd12b40918f37e408e35a92"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9649d051e54413049c009638ec1dc23962c884a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cb3d6efa78460e6d50bf68806d0db66265709f64"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eec8a1b18a79600bd4419079dc0026c1db72a830"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31474.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-79HG-H6R6-64MM
Vulnerability from github – Published: 2024-07-08 18:31 – Updated: 2024-08-22 15:31A signal handler race condition vulnerability was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server.
{
"affected": [],
"aliases": [
"CVE-2024-6409"
],
"database_specific": {
"cwe_ids": [
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-08T18:15:09Z",
"severity": "HIGH"
},
"details": "A signal handler race condition vulnerability was found in OpenSSH\u0027s server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd\u0027s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server.",
"id": "GHSA-79hg-h6r6-64mm",
"modified": "2024-08-22T15:31:16Z",
"published": "2024-07-08T18:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6409"
},
{
"type": "WEB",
"url": "https://github.com/openela-main/openssh/commit/c00da7741d42029e49047dd89e266d91dcfbffa0"
},
{
"type": "WEB",
"url": "https://www.suse.com/security/cve/CVE-2024-6409.html"
},
{
"type": "WEB",
"url": "https://ubuntu.com/security/CVE-2024-6409"
},
{
"type": "WEB",
"url": "https://sig-security.rocky.page/issues/CVE-2024-6409"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240712-0003"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2024-6409"
},
{
"type": "WEB",
"url": "https://explore.alas.aws.amazon.com/CVE-2024-6409.html"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1227217"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295085"
},
{
"type": "WEB",
"url": "https://almalinux.org/blog/2024-07-09-cve-2024-6409"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-6409"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:5444"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4960"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4955"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4910"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4716"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4613"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4457"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/08/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-3
Strategy: Language Selection
Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
Mitigation
Design signal handlers to only set flags, rather than perform complex functionality. These flags can then be checked and acted upon within the main program loop.
Mitigation
Only use reentrant functions within signal handlers. Also, use validation to ensure that state is consistent while performing asynchronous actions that affect the state of execution.
No CAPEC attack patterns related to this CWE.