CVE analysis - Week 19

vulns/CVE-2026-23193.yml

@@ -0,0 +1,10 @@
+reachability: Remote
+memory_corruption: true
+bug_class: UaF
+impact: LPE
+privileges_required: false
+notes: |-
+  | memory corruption and LPE. Reachable only from host that an admin has
+  configured as an iSCSI target
+author: Oracle Corporation
+version: v0.1

vulns/CVE-2026-23216.yml

@@ -0,0 +1,11 @@
+reachability: Remote
+memory_corruption: true
+bug_class: UaF
+impact: LPE, RCE
+privileges_required: false
+notes: |-
+  | unauthenticated remote DoS, memory corruption and potentially RCE.
+  Exploitable only if the host is configured and exposed as an iSCSI target
+  (TCP/3260)
+author: Oracle Corporation
+version: v0.1

vulns/CVE-2026-23270.yml

@@ -0,0 +1,10 @@
+reachability: Local
+memory_corruption: true
+bug_class: UAF
+impact: LPE
+privileges_required: false
+notes: |2-
+   unprivileged user can create a user + net namespace, obtain CAP_NET_ADMIN,
+  program tc filters, and hit a UAF that yields kernel memory corruption
+author: Oracle Corporation
+version: v0.1

vulns/CVE-2026-23278.yml

@@ -0,0 +1,10 @@
+reachability: Local
+memory_corruption: true
+bug_class: Refcount Underflow
+impact: LPE
+privileges_required: false
+notes: |2-
+   local nf_tables catchall-map lifetime/refcount bug where incomplete
+  transaction cleanup can cause a refcoutn underflow.
+author: Oracle Corporation
+version: v0.1

vulns/CVE-2026-31402.yml

@@ -0,0 +1,11 @@
+reachability: Remote
+memory_corruption: true
+bug_class: Buffer Overflow
+impact: RCE or DOS
+privileges_required: false
+notes: |2-
+   Heap out-of-bounds write in nfsd NFSv4 LOCK replay cache.  Remote,
+  unauthenticated attacker can overflow the 112-byte rp_ibuf with up to ~944
+  bytes via a crafted pair of LOCK requests.
+author: Oracle Corporation
+version: v0.1