[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-45837":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-15T22:50:23.791Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":14,"duplicates":21,"related":22,"reserved_at":9,"published_at":24,"modified_at":25,"state":26,"summary":27,"references_raw":31,"kevs":50,"epss":51,"epss_history":54,"metrics":115,"affected":116},"CVE-2026-45837","In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix use-after-free in arena_vm_close on fork\n\narena_vm_open() only bumps vml->mmap_count but never registers the\nchild VMA in arena->vma_list. The vml->vma always points at the\nparent VMA, so after parent munmap the pointer dangles. If the child\nthen calls bpf_arena_free_pages(), zap_pages() reads the stale\nvml->vma triggering use-after-free.\n\nFix this by preventing the arena VMA from being inherited across\nfork with VM_DONTCOPY, and preventing VMA splits via the may_split\ncallback.\n\nAlso reject mremap with a .mremap callback returning -EINVAL. A\nsame-size mremap(MREMAP_FIXED) on the full arena VMA reaches\ncopy_vma() through the following path:\n\n  check_prep_vma()       - returns 0 early: new_len == old_len\n                           skips VM_DONTEXPAND check\n  prep_move_vma()        - vm_start == old_addr and\n                           vm_end == old_addr + old_len\n                           so may_split is never called\n  move_vma()\n    copy_vma_and_data()\n      copy_vma()\n        vm_area_dup()    - copies vm_private_data (vml pointer)\n        vm_ops->open()   - bumps vml->mmap_count\n      vm_ops->mremap()   - returns -EINVAL, rollback unmaps new VMA\n\nThe refcount ensures the rollback's arena_vm_close does not free\nthe vml shared with the original VMA.",null,[],[],[],[],[15,17,19],{"_key":16},"UBUNTU-CVE-2026-45837",{"_key":18},"OPENSUSE-SU-2026:10954-1",{"_key":20},"DEBIAN-CVE-2026-45837",[],[23],{"_key":18},"2026-05-27T09:24:32.833Z","2026-06-14T17:46:01.781Z","Awaiting Analysis",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":29,"epss_score":30,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":26},false,"low",0.00156,[32,38,42,46],{"url":33,"sources":34,"tags":37},"https://git.kernel.org/stable/c/723b9fa930cc277c15ce6b9ec9feec828cfac9d7",[35,36],"cve.org","nvd",[],{"url":39,"sources":40,"tags":41},"https://git.kernel.org/stable/c/d18099f19e53250f8ad2801498b88cec29d9107a",[35,36],[],{"url":43,"sources":44,"tags":45},"https://git.kernel.org/stable/c/201128fcc7b213d27ab77bc4e89488b41796480f",[35,36],[],{"url":47,"sources":48,"tags":49},"https://git.kernel.org/stable/c/4fddde2a732de60bb97e3307d4eb69ac5f1d2b74",[35,36],[],[],{"date":52,"score":30,"percentile":53},"2026-06-15",0.05118,[55,59,62,65,68,71,74,78,81,84,87,90,93,96,99,102,105,108,111,114],{"date":56,"score":57,"percentile":58},"2026-05-27",0.00018,0.04889,{"date":60,"score":57,"percentile":61},"2026-05-28",0.04906,{"date":63,"score":57,"percentile":64},"2026-05-29",0.04919,{"date":66,"score":57,"percentile":67},"2026-05-30",0.04933,{"date":69,"score":57,"percentile":70},"2026-05-31",0.04911,{"date":72,"score":57,"percentile":73},"2026-06-01",0.04846,{"date":75,"score":76,"percentile":77},"2026-06-02",0.00023,0.0685,{"date":79,"score":76,"percentile":80},"2026-06-03",0.06793,{"date":82,"score":76,"percentile":83},"2026-06-04",0.06804,{"date":85,"score":76,"percentile":86},"2026-06-05",0.06835,{"date":88,"score":76,"percentile":89},"2026-06-06",0.06839,{"date":91,"score":76,"percentile":92},"2026-06-07",0.06824,{"date":94,"score":76,"percentile":95},"2026-06-08",0.06781,{"date":97,"score":76,"percentile":98},"2026-06-09",0.06786,{"date":100,"score":76,"percentile":101},"2026-06-10",0.06817,{"date":103,"score":76,"percentile":104},"2026-06-11",0.0682,{"date":106,"score":76,"percentile":107},"2026-06-12",0.06842,{"date":109,"score":76,"percentile":110},"2026-06-13",0.06831,{"date":112,"score":76,"percentile":113},"2026-06-14",0.06818,{"date":52,"score":30,"percentile":53},[],[117],{"ecosystem":9,"name":118,"vendor":119,"product":119,"cpe_part":120,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":121},"Linux","linux","a",[122,129,132,135,138],{"version":123,"is_range":124,"range_type":35,"version_start":125,"version_start_type":126,"version_end":127,"version_end_type":128,"fixed_in":9},">= 317460317a02a1af512697e6e964298dedd8a163, \u003C 723b9fa930cc277c15ce6b9ec9feec828cfac9d7",true,"317460317a02a1af512697e6e964298dedd8a163","including","723b9fa930cc277c15ce6b9ec9feec828cfac9d7","excluding",{"version":130,"is_range":124,"range_type":35,"version_start":125,"version_start_type":126,"version_end":131,"version_end_type":128,"fixed_in":9},">= 317460317a02a1af512697e6e964298dedd8a163, \u003C d18099f19e53250f8ad2801498b88cec29d9107a","d18099f19e53250f8ad2801498b88cec29d9107a",{"version":133,"is_range":124,"range_type":35,"version_start":125,"version_start_type":126,"version_end":134,"version_end_type":128,"fixed_in":9},">= 317460317a02a1af512697e6e964298dedd8a163, \u003C 201128fcc7b213d27ab77bc4e89488b41796480f","201128fcc7b213d27ab77bc4e89488b41796480f",{"version":136,"is_range":124,"range_type":35,"version_start":125,"version_start_type":126,"version_end":137,"version_end_type":128,"fixed_in":9},">= 317460317a02a1af512697e6e964298dedd8a163, \u003C 4fddde2a732de60bb97e3307d4eb69ac5f1d2b74","4fddde2a732de60bb97e3307d4eb69ac5f1d2b74",{"version":139,"is_range":28,"range_type":35,"version_start":139,"version_start_type":126,"version_end":139,"version_end_type":126,"fixed_in":9},"6.9"]