cloud-lts · ora-linux-cve-analysis · Mar 6, 2026 · Mar 6, 2026 · Mar 6, 2026 · Mar 6, 2026
diff --git a/vulns/CVE-2025-68810.yml b/vulns/CVE-2025-68810.yml
@@ -0,0 +1,11 @@
+reachability: Local
+memory_corruption: true
+bug_class: UaF
+impact: LPE
+privileges_required: false
+notes: |2-
+   UaF in the KVM subsystem when clearing the KVM_MEM_GUEST_MEMFD flag on an
+  existing memslot, leading to arbitrary kernel memory corruption and
+  eventually LPE
+author: Oracle Corporation
+version: v0.1
diff --git a/vulns/CVE-2026-23001.yml b/vulns/CVE-2026-23001.yml
@@ -0,0 +1,8 @@
+reachability: Local
+memory_corruption: true
+bug_class: UaF
+impact: LPE
+privileges_required: false
+notes: UaF in macvlan module, could be triggered using network namespace(unshare -rn)
+author: Oracle Corporation
+version: v0.1
diff --git a/vulns/CVE-2026-23004.yml b/vulns/CVE-2026-23004.yml
@@ -0,0 +1,8 @@
+reachability: Local
+memory_corruption: true
+bug_class: UaF
+impact: LPE
+privileges_required: false
+notes: UaF in net/core leading to LPE. Reachable through namespaces
+author: Oracle Corporation
+version: v0.1
diff --git a/vulns/CVE-2026-23111.yml b/vulns/CVE-2026-23111.yml
@@ -0,0 +1,8 @@
+reachability: Local
+memory_corruption: true
+bug_class: UaF
+impact: LPE
+privileges_required: false
+notes: UaF in net/netfilter leading to LPE reachable from namespaces
+author: Oracle Corporation
+version: v0.1
diff --git a/vulns/CVE-2026-23209.yml b/vulns/CVE-2026-23209.yml
@@ -0,0 +1,8 @@
+reachability: Local
+memory_corruption: true
+bug_class: UaF
+impact: LPE
+privileges_required: false
+notes: UaF in drivers/net macvlan leading to LPE. Reachable from namespaces
+author: Oracle Corporation
+version: v0.1