By weakness (CWE)
CWE-674: related vulnerabilities
CVEs classified under CWE-674. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2026-46149HIGH 7.1
A vulnerability in the Linux kernel's SCSI target subsystem allows a local attacker with low privileges to read sensitive kernel memory and potentially crash the system. The issue occurs in the configfs interface where storage path group membership information is displayed. When a storage fabric's name is unusually long, the kernel writes more data than expected to a temporary buffer, and then copies that overrun data to a user-readable sysfs file. On systems with fortify checks enabled, this causes a kernel panic; on others, it leaks kernel memory to unprivileged users.
- CVE-2026-40989MEDIUM 5.7
Spring Cloud Function versions across multiple release lines contain a flaw in the routing layer that can trigger infinite recursion during request handling. This recursion exhausts available memory, causing an out-of-memory (OOM) error that crashes the application. The vulnerability requires either physical access to the system or authenticated local access to exploit, which limits its immediate risk in cloud-native deployments but remains a concern for containerized environments or systems with weak internal network segmentation.