Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/kernel@5.14.0-570.110.1?arch=el9_6
Type rpm
Namespace redhat
Name kernel
Version 5.14.0-570.110.1
Qualifiers
arch el9_6
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-kvbv-df49-gyaj
vulnerability_id VCID-kvbv-df49-gyaj
summary In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer (rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses. This size was calculated based on OPEN responses and does not account for LOCK denied responses, which include the conflicting lock owner as a variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT). When a LOCK operation is denied due to a conflict with an existing lock that has a large owner, nfsd4_encode_operation() copies the full encoded response into the undersized replay buffer via read_bytes_from_xdr_buf() with no bounds check. This results in a slab-out-of-bounds write of up to 944 bytes past the end of the buffer, corrupting adjacent heap memory. This can be triggered remotely by an unauthenticated attacker with two cooperating NFSv4.0 clients: one sets a lock with a large owner string, then the other requests a conflicting lock to provoke the denial. We could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full opaque, but that would increase the size of every stateowner, when most lockowners are not that large. Instead, fix this by checking the encoded response length against NFSD4_REPLAY_ISIZE before copying into the replay buffer. If the response is too large, set rp_buflen to 0 to skip caching the replay payload. The status is still cached, and the client already received the correct response on the original request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31402.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31402.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31402
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.10729
published_at 2026-04-08T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10803
published_at 2026-04-04T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.10653
published_at 2026-04-07T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.14562
published_at 2026-04-16T12:55:00Z
4
value 0.00048
scoring_system epss
scoring_elements 0.14567
published_at 2026-04-18T12:55:00Z
5
value 0.00048
scoring_system epss
scoring_elements 0.14631
published_at 2026-04-21T12:55:00Z
6
value 0.00048
scoring_system epss
scoring_elements 0.14662
published_at 2026-04-26T12:55:00Z
7
value 0.00048
scoring_system epss
scoring_elements 0.14664
published_at 2026-04-24T12:55:00Z
8
value 0.00048
scoring_system epss
scoring_elements 0.14802
published_at 2026-04-09T12:55:00Z
9
value 0.00048
scoring_system epss
scoring_elements 0.1476
published_at 2026-04-11T12:55:00Z
10
value 0.00048
scoring_system epss
scoring_elements 0.14722
published_at 2026-04-12T12:55:00Z
11
value 0.00048
scoring_system epss
scoring_elements 0.14668
published_at 2026-04-13T12:55:00Z
12
value 0.00118
scoring_system epss
scoring_elements 0.30318
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31402
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31402
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31402
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454844
reference_id 2454844
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454844
5
reference_url https://access.redhat.com/errata/RHSA-2026:10108
reference_id RHSA-2026:10108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10108
6
reference_url https://access.redhat.com/errata/RHSA-2026:11313
reference_id RHSA-2026:11313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11313
fixed_packages
aliases CVE-2026-31402
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvbv-df49-gyaj
1
url VCID-xkg2-9n6y-5kan
vulnerability_id VCID-xkg2-9n6y-5kan
summary kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23097.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23097.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23097
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03203
published_at 2026-04-02T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03212
published_at 2026-04-04T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03215
published_at 2026-04-07T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.0322
published_at 2026-04-08T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03244
published_at 2026-04-09T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03198
published_at 2026-04-11T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03171
published_at 2026-04-12T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04562
published_at 2026-04-29T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04364
published_at 2026-04-13T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.04332
published_at 2026-04-16T12:55:00Z
10
value 0.00018
scoring_system epss
scoring_elements 0.0434
published_at 2026-04-18T12:55:00Z
11
value 0.00018
scoring_system epss
scoring_elements 0.04472
published_at 2026-04-21T12:55:00Z
12
value 0.00018
scoring_system epss
scoring_elements 0.04497
published_at 2026-04-24T12:55:00Z
13
value 0.00018
scoring_system epss
scoring_elements 0.0452
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23097
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23097
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23097
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436802
reference_id 2436802
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436802
5
reference_url https://access.redhat.com/errata/RHSA-2026:10108
reference_id RHSA-2026:10108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10108
6
reference_url https://access.redhat.com/errata/RHSA-2026:11313
reference_id RHSA-2026:11313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11313
7
reference_url https://access.redhat.com/errata/RHSA-2026:3463
reference_id RHSA-2026:3463
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3463
8
reference_url https://access.redhat.com/errata/RHSA-2026:3464
reference_id RHSA-2026:3464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3464
9
reference_url https://access.redhat.com/errata/RHSA-2026:3488
reference_id RHSA-2026:3488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3488
10
reference_url https://access.redhat.com/errata/RHSA-2026:4012
reference_id RHSA-2026:4012
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4012
11
reference_url https://usn.ubuntu.com/8162-1/
reference_id USN-8162-1
reference_type
scores
url https://usn.ubuntu.com/8162-1/
12
reference_url https://usn.ubuntu.com/8180-1/
reference_id USN-8180-1
reference_type
scores
url https://usn.ubuntu.com/8180-1/
13
reference_url https://usn.ubuntu.com/8180-2/
reference_id USN-8180-2
reference_type
scores
url https://usn.ubuntu.com/8180-2/
14
reference_url https://usn.ubuntu.com/8180-3/
reference_id USN-8180-3
reference_type
scores
url https://usn.ubuntu.com/8180-3/
15
reference_url https://usn.ubuntu.com/8180-4/
reference_id USN-8180-4
reference_type
scores
url https://usn.ubuntu.com/8180-4/
16
reference_url https://usn.ubuntu.com/8180-5/
reference_id USN-8180-5
reference_type
scores
url https://usn.ubuntu.com/8180-5/
17
reference_url https://usn.ubuntu.com/8186-1/
reference_id USN-8186-1
reference_type
scores
url https://usn.ubuntu.com/8186-1/
18
reference_url https://usn.ubuntu.com/8187-1/
reference_id USN-8187-1
reference_type
scores
url https://usn.ubuntu.com/8187-1/
19
reference_url https://usn.ubuntu.com/8188-1/
reference_id USN-8188-1
reference_type
scores
url https://usn.ubuntu.com/8188-1/
fixed_packages
aliases CVE-2026-23097
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xkg2-9n6y-5kan
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kernel@5.14.0-570.110.1%3Farch=el9_6