Vulnerability-Lookup

SUSE-SU-2026:2137-1

Vulnerability from csaf_suse - Published: 2026-05-30 18:34 - Updated: 2026-05-30 18:34

Summary

Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5)

Severity

Important

Notes

Title of the patch: Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5)

Description of the patch: This update for the SUSE Linux Enterprise Kernel 4.12.14-122.258 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096). - CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798). - CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224). - CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).

Patchnames: SUSE-2026-2137,SUSE-SLE-Live-Patching-12-SP5-2026-2137

CVE-2025-54518

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-23243

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-46300

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-46333

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

28 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2026…	self
https://bugzilla.suse.com/1259798	self
https://bugzilla.suse.com/1264096	self
https://bugzilla.suse.com/1265224	self
https://bugzilla.suse.com/1265384	self
https://www.suse.com/security/cve/CVE-2025-54518/	self
https://www.suse.com/security/cve/CVE-2026-23243/	self
https://www.suse.com/security/cve/CVE-2026-46300/	self
https://www.suse.com/security/cve/CVE-2026-46333/	self
https://www.suse.com/security/cve/CVE-2025-54518	external
https://bugzilla.suse.com/1264013	external
https://bugzilla.suse.com/1264066	external
https://bugzilla.suse.com/1264096	external
https://www.suse.com/security/cve/CVE-2026-23243	external
https://bugzilla.suse.com/1259797	external
https://bugzilla.suse.com/1259798	external
https://www.suse.com/security/cve/CVE-2026-46300	external
https://bugzilla.suse.com/1265209	external
https://bugzilla.suse.com/1265226	external
https://bugzilla.suse.com/1265312	external
https://bugzilla.suse.com/1265383	external
https://bugzilla.suse.com/1265960	external
https://www.suse.com/security/cve/CVE-2026-46333	external
https://bugzilla.suse.com/1265308	external
https://bugzilla.suse.com/1265384	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for the SUSE Linux Enterprise Kernel 4.12.14-122.258 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-2137,SUSE-SLE-Live-Patching-12-SP5-2026-2137",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2137-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:2137-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262137-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:2137-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-June/046891.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259798",
        "url": "https://bugzilla.suse.com/1259798"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1264096",
        "url": "https://bugzilla.suse.com/1264096"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1265224",
        "url": "https://bugzilla.suse.com/1265224"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1265384",
        "url": "https://bugzilla.suse.com/1265384"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-54518 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-54518/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23243 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23243/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-46300 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-46300/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-46333 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-46333/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5)",
    "tracking": {
      "current_release_date": "2026-05-30T18:34:14Z",
      "generator": {
        "date": "2026-05-30T18:34:14Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:2137-1",
      "initial_release_date": "2026-05-30T18:34:14Z",
      "revision_history": [
        {
          "date": "2026-05-30T18:34:14Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
                  "product_id": "kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
                  "product_id": "kgraft-patch-4_12_14-122_258-default-17-2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64",
                  "product_id": "kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP5",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_258-default-17-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x"
        },
        "product_reference": "kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-54518",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-54518"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-54518",
          "url": "https://www.suse.com/security/cve/CVE-2025-54518"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1264013 for CVE-2025-54518",
          "url": "https://bugzilla.suse.com/1264013"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1264066 for CVE-2025-54518",
          "url": "https://bugzilla.suse.com/1264066"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1264096 for CVE-2025-54518",
          "url": "https://bugzilla.suse.com/1264096"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-30T18:34:14Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-54518"
    },
    {
      "cve": "CVE-2026-23243",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23243"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[  211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[  211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[  211.365867] ib_create_send_mad+0xa01/0x11b0\n[  211.365887] ib_umad_write+0x853/0x1c80",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23243",
          "url": "https://www.suse.com/security/cve/CVE-2026-23243"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259797 for CVE-2026-23243",
          "url": "https://bugzilla.suse.com/1259797"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259798 for CVE-2026-23243",
          "url": "https://bugzilla.suse.com/1259798"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-30T18:34:14Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-23243"
    },
    {
      "cve": "CVE-2026-46300",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-46300"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to.  If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers.  In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data().  If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags.  The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-46300",
          "url": "https://www.suse.com/security/cve/CVE-2026-46300"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265209 for CVE-2026-46300",
          "url": "https://bugzilla.suse.com/1265209"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265226 for CVE-2026-46300",
          "url": "https://bugzilla.suse.com/1265226"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265312 for CVE-2026-46300",
          "url": "https://bugzilla.suse.com/1265312"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265383 for CVE-2026-46300",
          "url": "https://bugzilla.suse.com/1265383"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265960 for CVE-2026-46300",
          "url": "https://bugzilla.suse.com/1265960"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-30T18:34:14Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-46300"
    },
    {
      "cve": "CVE-2026-46333",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-46333"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS).  Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-46333",
          "url": "https://www.suse.com/security/cve/CVE-2026-46333"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265308 for CVE-2026-46333",
          "url": "https://bugzilla.suse.com/1265308"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265384 for CVE-2026-46333",
          "url": "https://bugzilla.suse.com/1265384"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_258-default-17-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-30T18:34:14Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-46333"
    }
  ]
}

CVE-2025-54518 (GCVE-0-2025-54518)

Vulnerability from cvelistv5 – Published: 2026-05-15 03:06 – Updated: 2026-05-16 03:56

Summary

Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.

Severity

7.3 (High)


                        
                          CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-1189 - Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

Assigner

AMD

References

3 references

URL	Tags
https://www.amd.com/en/resources/product-security…
http://www.openwall.com/lists/oss-security/2026/0…
http://xenbits.xen.org/xsa/advisory-490.html

Impacted products

14 products

Vendor	Product	Version
AMD	AMD EPYC™ 7002 Series Processors	Unaffected: os kernel
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Unaffected: RenoirPI-FP6_1.0.0.Ed
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Unaffected: MendocinoPI-FT6_1.0.0.7f
AMD	AMD Ryzen™ 3000 Series Desktop Processors	Unaffected: ComboAM4v2 1.2.0.10
AMD	AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors	Unaffected: ChagallWSPI-sWRX8-1.0.0.D
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics	Unaffected: CezannePI-FP6_1.0.1.1d
AMD	AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors	Unaffected: CastlePeakWSPI-sWRX8 1.0.0.I
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics	Unaffected: CezannePI-FP6_1.0.1.1d
AMD	AMD Ryzen™ 4000 Series Desktop Processors	Unaffected: ComboAM4v2 1.2.0.10
AMD	AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics	Unaffected: ComboAM4v2 1.2.0.10
AMD	AMD Ryzen™ 3000 Series Desktop Processors	Unaffected: ComboAM4PI 1.0.0.10
AMD	AMD EPYC™ Embedded 7002 Series Processors	Unaffected: OS kernel
AMD	AMD Ryzen Embedded V2000A Series Processors	Unaffected: EmbeddedV2KAPI-FP6 1.0.0.A
AMD	AMD Ryzen™ Embedded V2000 Series Processors	Unaffected: EmbeddedPI-FP6_1.0.0.D

Date Public

2026-05-15 03:05

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-15T03:09:03.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/12/15"
          },
          {
            "url": "http://xenbits.xen.org/xsa/advisory-490.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54518",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-15T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-16T03:56:02.809Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "os kernel"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6_1.0.0.Ed"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6_1.0.0.7f"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 1.2.0.10"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8-1.0.0.D"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6_1.0.1.1d"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8 1.0.0.I"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6_1.0.1.1d"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6_1.0.1.1d"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 1.2.0.10"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 1.2.0.10"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.10"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "OS kernel"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen Embedded V2000A Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedV2KAPI-FP6 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6_1.0.0.D"
            }
          ]
        }
      ],
      "datePublic": "2026-05-15T03:05:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.\u003cbr\u003e"
            }
          ],
          "value": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1189",
              "description": "CWE-1189  Improper Isolation of Shared Resources on System-on-a-Chip (SoC)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T03:06:57.446Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7052.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2025-54518",
    "datePublished": "2026-05-15T03:06:30.822Z",
    "dateReserved": "2025-07-23T15:01:52.883Z",
    "dateUpdated": "2026-05-16T03:56:02.809Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-23243 (GCVE-0-2026-23243)

Vulnerability from cvelistv5 – Published: 2026-03-18 10:05 – Updated: 2026-05-11 22:03

Title

RDMA/umad: Reject negative data_len in ib_umad_write

Summary

In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD header sizes. With a mismatched user MAD header size and RMPP header length, data_len can become negative and reach ib_create_send_mad(). This can make the padding calculation exceed the segment size and trigger an out-of-bounds memset in alloc_send_rmpp_list(). Add an explicit check to reject negative data_len before creating the send buffer. KASAN splat: [ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0 [ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102 [ 211.365867] ib_create_send_mad+0xa01/0x11b0 [ 211.365887] ib_umad_write+0x853/0x1c80

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/1371ef6b1ecf3676b…
https://git.kernel.org/stable/c/362e45fd9069ffa15…
https://git.kernel.org/stable/c/6eb2919474ca105c5…
https://git.kernel.org/stable/c/a6a3e4af10993cb9e…
https://git.kernel.org/stable/c/9c80d688f402539df…
https://git.kernel.org/stable/c/205955f29c26330b1…
https://git.kernel.org/stable/c/52ab82cc5cf8ada5c…
https://git.kernel.org/stable/c/5551b02fdbfd85a32…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < 1371ef6b1ecf3676b8942f5dfb3634fb0648128e (git) Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < 362e45fd9069ffa1523f9f1633b606ebf72060d7 (git) Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < 6eb2919474ca105c5b13d19574e25f0ddcf19ca2 (git) Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d (git) Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < 9c80d688f402539dfc8f336de1380d6b4ee14316 (git) Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < 205955f29c26330b1dc7fdeadd5bb97c38e26f56 (git) Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < 52ab82cc5cf8ada5c3fb6ffe8f32fdb2fc27a34b (git) Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < 5551b02fdbfd85a325bb857f3a8f9c9f33397ed2 (git)
Linux	Linux	Affected: 2.6.24 Unaffected: 0 , < 2.6.24 (semver) Unaffected: 5.10.252 , ≤ 5.10.* (semver) Unaffected: 5.15.202 , ≤ 5.15.* (semver) Unaffected: 6.1.165 , ≤ 6.1.* (semver) Unaffected: 6.6.128 , ≤ 6.6.* (semver) Unaffected: 6.12.75 , ≤ 6.12.* (semver) Unaffected: 6.18.14 , ≤ 6.18.* (semver) Unaffected: 6.19.4 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/core/user_mad.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1371ef6b1ecf3676b8942f5dfb3634fb0648128e",
              "status": "affected",
              "version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
              "versionType": "git"
            },
            {
              "lessThan": "362e45fd9069ffa1523f9f1633b606ebf72060d7",
              "status": "affected",
              "version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
              "versionType": "git"
            },
            {
              "lessThan": "6eb2919474ca105c5b13d19574e25f0ddcf19ca2",
              "status": "affected",
              "version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
              "versionType": "git"
            },
            {
              "lessThan": "a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d",
              "status": "affected",
              "version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
              "versionType": "git"
            },
            {
              "lessThan": "9c80d688f402539dfc8f336de1380d6b4ee14316",
              "status": "affected",
              "version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
              "versionType": "git"
            },
            {
              "lessThan": "205955f29c26330b1dc7fdeadd5bb97c38e26f56",
              "status": "affected",
              "version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
              "versionType": "git"
            },
            {
              "lessThan": "52ab82cc5cf8ada5c3fb6ffe8f32fdb2fc27a34b",
              "status": "affected",
              "version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
              "versionType": "git"
            },
            {
              "lessThan": "5551b02fdbfd85a325bb857f3a8f9c9f33397ed2",
              "status": "affected",
              "version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/core/user_mad.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.24"
            },
            {
              "lessThan": "2.6.24",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.14",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.4",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[  211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[  211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[  211.365867] ib_create_send_mad+0xa01/0x11b0\n[  211.365887] ib_umad_write+0x853/0x1c80"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:03:05.550Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1371ef6b1ecf3676b8942f5dfb3634fb0648128e"
        },
        {
          "url": "https://git.kernel.org/stable/c/362e45fd9069ffa1523f9f1633b606ebf72060d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/6eb2919474ca105c5b13d19574e25f0ddcf19ca2"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c80d688f402539dfc8f336de1380d6b4ee14316"
        },
        {
          "url": "https://git.kernel.org/stable/c/205955f29c26330b1dc7fdeadd5bb97c38e26f56"
        },
        {
          "url": "https://git.kernel.org/stable/c/52ab82cc5cf8ada5c3fb6ffe8f32fdb2fc27a34b"
        },
        {
          "url": "https://git.kernel.org/stable/c/5551b02fdbfd85a325bb857f3a8f9c9f33397ed2"
        }
      ],
      "title": "RDMA/umad: Reject negative data_len in ib_umad_write",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23243",
    "datePublished": "2026-03-18T10:05:05.826Z",
    "dateReserved": "2026-01-13T15:37:45.989Z",
    "dateUpdated": "2026-05-11T22:03:05.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-46300 (GCVE-0-2026-46300)

Vulnerability from cvelistv5 – Published: 2026-05-23 11:44 – Updated: 2026-05-30 10:49

Title

net: skbuff: preserve shared-frag marker during coalescing

Summary

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost. That breaks the invariant relied on by later in-place writers. In particular, ESP input checks skb_has_shared_frag() before deciding whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP receive coalescing has moved shared frags into an unmarked skb, ESP can see skb_has_shared_frag() as false and decrypt in place over page-cache backed frags. Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags. The tailroom copy path does not need the marker because it copies bytes into @to's linear data rather than transferring frag descriptors.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Assigner

Linux

References

12 references

URL	Tags
https://git.kernel.org/stable/c/3599e6b3cc1ada968…
https://git.kernel.org/stable/c/2f2b16022a2e10ca7…
https://git.kernel.org/stable/c/9d3e5fd19fe1063bf…
https://git.kernel.org/stable/c/78bf6b6bb19541d19…
https://git.kernel.org/stable/c/760e1addc27ba1a7b…
https://git.kernel.org/stable/c/3bd9e113d50034db9…
https://git.kernel.org/stable/c/3884358a9286b17f3…
https://git.kernel.org/stable/c/f84eca5817390257c…
http://www.openwall.com/lists/oss-security/2026/05/13/5
http://www.openwall.com/lists/oss-security/2026/0…
http://www.openwall.com/lists/oss-security/2026/0…
http://www.openwall.com/lists/oss-security/2026/0…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 3599e6b3cc1ada96883d496a50a210d3afbb6987 (git) Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 2f2b16022a2e10ca7bccfb98db5ed2ec0f72641c (git) Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 9d3e5fd19fe1063bf607219e8562fbd567b8e8d5 (git) Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 78bf6b6bb19541d19fbda6242e7cfe2c682763c0 (git) Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 760e1addc27ba1a7beb4a0a7e8b3e9ec49e7a34e (git) Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 3bd9e113d50034db99d7ef69fd8e5242d15e414a (git) Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 3884358a9286b17f389a72b1426fc4547c23c111 (git) Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < f84eca5817390257cef78013d0112481c503b4a3 (git)
Linux	Linux	Affected: 3.9 Unaffected: 0 , < 3.9 (semver) Unaffected: 5.10.257 , ≤ 5.10.* (semver) Unaffected: 5.15.208 , ≤ 5.15.* (semver) Unaffected: 6.1.174 , ≤ 6.1.* (semver) Unaffected: 6.6.141 , ≤ 6.6.* (semver) Unaffected: 6.12.91 , ≤ 6.12.* (semver) Unaffected: 6.18.33 , ≤ 6.18.* (semver) Unaffected: 7.0.10 , ≤ 7.0.* (semver) Unaffected: 7.1-rc5 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-23T12:24:19.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/13/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/21/11"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/21/12"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/21/13"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/skbuff.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3599e6b3cc1ada96883d496a50a210d3afbb6987",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "2f2b16022a2e10ca7bccfb98db5ed2ec0f72641c",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "9d3e5fd19fe1063bf607219e8562fbd567b8e8d5",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "78bf6b6bb19541d19fbda6242e7cfe2c682763c0",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "760e1addc27ba1a7beb4a0a7e8b3e9ec49e7a34e",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "3bd9e113d50034db99d7ef69fd8e5242d15e414a",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "3884358a9286b17f389a72b1426fc4547c23c111",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "f84eca5817390257cef78013d0112481c503b4a3",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/skbuff.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.257",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.208",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.141",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1-rc5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.257",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.208",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.174",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.141",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.91",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.33",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.10",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1-rc5",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to.  If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers.  In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data().  If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags.  The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-30T10:49:36.824Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3599e6b3cc1ada96883d496a50a210d3afbb6987"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f2b16022a2e10ca7bccfb98db5ed2ec0f72641c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d3e5fd19fe1063bf607219e8562fbd567b8e8d5"
        },
        {
          "url": "https://git.kernel.org/stable/c/78bf6b6bb19541d19fbda6242e7cfe2c682763c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/760e1addc27ba1a7beb4a0a7e8b3e9ec49e7a34e"
        },
        {
          "url": "https://git.kernel.org/stable/c/3bd9e113d50034db99d7ef69fd8e5242d15e414a"
        },
        {
          "url": "https://git.kernel.org/stable/c/3884358a9286b17f389a72b1426fc4547c23c111"
        },
        {
          "url": "https://git.kernel.org/stable/c/f84eca5817390257cef78013d0112481c503b4a3"
        }
      ],
      "title": "net: skbuff: preserve shared-frag marker during coalescing",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-46300",
    "datePublished": "2026-05-23T11:44:02.231Z",
    "dateReserved": "2026-05-13T15:03:33.111Z",
    "dateUpdated": "2026-05-30T10:49:36.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-46333 (GCVE-0-2026-46333)

Vulnerability from cvelistv5 – Published: 2026-05-15 12:58 – Updated: 2026-05-23 16:07

Title

ptrace: slightly saner 'get_dumpable()' logic

Summary

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is. The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all. Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.

Severity

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-269 - Improper Privilege Management

Assigner

Linux

References

14 references

URL	Tags
https://git.kernel.org/stable/c/93d4ba49d18e3d7fb…
https://git.kernel.org/stable/c/15b828a46f305ae9f…
https://git.kernel.org/stable/c/4709234fd1b95136c…
https://git.kernel.org/stable/c/8f907d345bae8f4b3…
https://git.kernel.org/stable/c/6e5b51e74a40d377b…
https://git.kernel.org/stable/c/2a93a4fac7b6051d3…
https://git.kernel.org/stable/c/01363cb3fbd0238ff…
https://git.kernel.org/stable/c/31e62c2ebbfdc3fe3…
http://www.openwall.com/lists/oss-security/2026/05/15/9
https://lists.debian.org/debian-lts-announce/2026…
https://lists.debian.org/debian-lts-announce/2026…
http://www.openwall.com/lists/oss-security/2026/0…
http://www.openwall.com/lists/oss-security/2026/0…
https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/	exploit

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6 (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 15b828a46f305ae9f05a7c16914b3ce273474205 (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 4709234fd1b95136ceb789f639b1e7ea5de1b181 (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 8f907d345bae8f4b3f004c5abc56bf2dfb851ea7 (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 2a93a4fac7b6051d3be7cd1b015fe7320cd0404d (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 01363cb3fbd0238ffdeb09f53e9039c9edf8a730 (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a (git) Affected: d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12 (git) Affected: 03eed7afbc09e061f66b448daf7863174c3dc3f3 (git) Affected: e45692fa1aea06676449b63ef3c2b6e1e72b7578 (git) Affected: 694a95fa6dae4991f16cda333d897ea063021fed (git) Affected: 3.16.52 , < 3.17 (semver) Affected: 4.4.40 , < 4.5 (semver) Affected: 4.8.16 , < 4.9 (semver) Affected: 4.9.1 , < 4.10 (semver)
Linux	Linux	Affected: 4.10 Unaffected: 0 , < 4.10 (semver) Unaffected: 5.10.256 , ≤ 5.10.* (semver) Unaffected: 5.15.207 , ≤ 5.15.* (semver) Unaffected: 6.1.173 , ≤ 6.1.* (semver) Unaffected: 6.6.139 , ≤ 6.6.* (semver) Unaffected: 6.12.89 , ≤ 6.12.* (semver) Unaffected: 6.18.31 , ≤ 6.18.* (semver) Unaffected: 7.0.8 , ≤ 7.0.* (semver) Unaffected: 7.1-rc4 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-20T18:47:13.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/15/9"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00032.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00035.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/20/14"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/20/16"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-46333",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-21T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T03:55:24.391Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/sched.h",
            "kernel/exit.c",
            "kernel/ptrace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6",
              "status": "affected",
              "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
              "versionType": "git"
            },
            {
              "lessThan": "15b828a46f305ae9f05a7c16914b3ce273474205",
              "status": "affected",
              "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
              "versionType": "git"
            },
            {
              "lessThan": "4709234fd1b95136ceb789f639b1e7ea5de1b181",
              "status": "affected",
              "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
              "versionType": "git"
            },
            {
              "lessThan": "8f907d345bae8f4b3f004c5abc56bf2dfb851ea7",
              "status": "affected",
              "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
              "versionType": "git"
            },
            {
              "lessThan": "6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d",
              "status": "affected",
              "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
              "versionType": "git"
            },
            {
              "lessThan": "2a93a4fac7b6051d3be7cd1b015fe7320cd0404d",
              "status": "affected",
              "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
              "versionType": "git"
            },
            {
              "lessThan": "01363cb3fbd0238ffdeb09f53e9039c9edf8a730",
              "status": "affected",
              "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
              "versionType": "git"
            },
            {
              "lessThan": "31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a",
              "status": "affected",
              "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "03eed7afbc09e061f66b448daf7863174c3dc3f3",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e45692fa1aea06676449b63ef3c2b6e1e72b7578",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "694a95fa6dae4991f16cda333d897ea063021fed",
              "versionType": "git"
            },
            {
              "lessThan": "3.17",
              "status": "affected",
              "version": "3.16.52",
              "versionType": "semver"
            },
            {
              "lessThan": "4.5",
              "status": "affected",
              "version": "4.4.40",
              "versionType": "semver"
            },
            {
              "lessThan": "4.9",
              "status": "affected",
              "version": "4.8.16",
              "versionType": "semver"
            },
            {
              "lessThan": "4.10",
              "status": "affected",
              "version": "4.9.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/sched.h",
            "kernel/exit.c",
            "kernel/ptrace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.256",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.207",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.139",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.89",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1-rc4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.256",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.207",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.173",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.139",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.89",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.31",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.8",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1-rc4",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.16.52",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.4.40",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.8.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS).  Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T16:07:12.401Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6"
        },
        {
          "url": "https://git.kernel.org/stable/c/15b828a46f305ae9f05a7c16914b3ce273474205"
        },
        {
          "url": "https://git.kernel.org/stable/c/4709234fd1b95136ceb789f639b1e7ea5de1b181"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f907d345bae8f4b3f004c5abc56bf2dfb851ea7"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a93a4fac7b6051d3be7cd1b015fe7320cd0404d"
        },
        {
          "url": "https://git.kernel.org/stable/c/01363cb3fbd0238ffdeb09f53e9039c9edf8a730"
        },
        {
          "url": "https://git.kernel.org/stable/c/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a"
        }
      ],
      "title": "ptrace: slightly saner \u0027get_dumpable()\u0027 logic",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-46333",
    "datePublished": "2026-05-15T12:58:44.599Z",
    "dateReserved": "2026-05-13T15:03:33.113Z",
    "dateUpdated": "2026-05-23T16:07:12.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:2137-1

CVE-2025-54518 (GCVE-0-2025-54518)

CVE-2026-23243 (GCVE-0-2026-23243)

CVE-2026-46300 (GCVE-0-2026-46300)

CVE-2026-46333 (GCVE-0-2026-46333)

Tags

Sightings

Nomenclature