28 matches found
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Ensure visibility when inserting an element into tracingmap. Running the following two commands in parallel on a multi-processor AArch64 machine may occasionally generate an unexpected warning regarding duplicate...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fixed an issue where accessing an array was done outside the bounds of the array for an enum type. Accessing enums using integers would result in accessing an array outside its bounds on platforms like...
HTTP Fetch, Linux Execute Command
Fetch and execute an AARCH64 payload from an HTTP server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/http/aarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... m...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: qt5: qt5-filesystem-5.15.18-2.1.hum1 aarch64, x8664 qt5-rpm-macros-5.15.18-2.1.hum1 noarch qt5-srpm-macros-5.15.18-2.1.hum1 noarch qt5-5.15.18-2.1.hum1.src src...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004716)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004716 advisory. An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system...
Fedora 43 : chromium (2026-66162d01ae)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-66162d01ae advisory. Update to 143.0.7499.192 High CVE-2026-0628: Insufficient policy enforcement in WebView tag Enable control flow integrity support for x8664/aarch64 Enable...
EUVD-2020-30212
Malware in sbrugna...
USN-7700-1: GCC vulnerability
It was discovered that the -fstack-protector hardening feature in GCC for AArch64 did not properly protect dynamically-sized local variables such as those created using C99 variable length arrays or alloca. As a result, an attacker who was able to trigger a buffer overflow in such cases could...
USN-7700-1 gcc-10, gcc-11, gcc-12 vulnerability
It was discovered that the -fstack-protector hardening feature in GCC for AArch64 did not properly protect dynamically-sized local variables such as those created using C99 variable length arrays or alloca. As a result, an attacker who was able to trigger a buffer overflow in such cases could...
Linux Distros Unpatched Vulnerability : CVE-2025-22122
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio 4GB folio is possible on some ARCHs, such as aarch64, 16GB...
Important: kernel-livepatch-5.10.233-223.887
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: clear aclaccess/acldefault after releasing them CVE-2025-21796 Affected Packages: kernel-livepatch-5.10.233-223.887 Issue Correction: Please ensure you have live patching enabled. Run yum update...
CVE-2025-21851 bpf: Fix softlockup in arena_map_free on 64k page kernel
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arenamapfree on 64k page kernel On an aarch64 kernel with CONFIGPAGESIZE64KB=y, arenahtab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64. It turn...
HTTPS Fetch
Fetch and execute an AARCH64 payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/aarch64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and...
HTTP Fetch, Linux dup2 Command Shell, Reverse TCP Stager
Fetch and execute an AARCH64 payload from an HTTP server. dup2 socket in x12, then execve. Connect back to the attacker Module Options msf use payload/cmd/linux/http/aarch64/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp sh...
DEBIAN-CVE-2024-26645
In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracingmap Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram...
AZL-28769 CVE-2023-4039 affecting package gcc for versions less than 11.2.0-6
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
ALPINE-CVE-2023-4039
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
PT-2023-5294
Name of the Vulnerable Software and Affected Versions GCC versions prior to the fixed version Description A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in an...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-011)
The version of kernel installed on the remote host is prior to 5.4.38-17.76. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-011 advisory. In the Linux kernel 5.3.10, there is a use-after-free read in the perftracelockacquire function related to...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5691)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5691 advisory. 5.4.17-2011.2.2uek - scsi: qla2xxx: Move free of fcport out of interrupt context Joe Carnuccio Orabug: 31225231 - xfs: move inode flush to the sync...