2375 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fixed the issue where an unrecoverable MCE call to the async handler from the NMI context could cause problems. The machine check handler is not considered part of the NMI mechanism on 64s architectures. The early...
Astra Linux - уязвимость в linux, linux-5.15, linux-6.1, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tls: Separating the handling of no-async decryption requests from async. If we are not using async, the handling is much simpler. There is no reference counting; we simply need to wait for the completion to wake us up and return...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nvme: Fixed a possible use-after-free condition during controller reset during loading. Unlike .queuerq, in .submitasyncevent, drivers may not check the state of ctrl before submitting an AER. This can lead to a use-after-free...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: move tcpmqueuevdmunlocked to asynchronous work A state check was previously added to tcpmqueuevdmunlocked to prevent a deadlock where the DisplayPort Alt Mode driver would be executing work and attempting to gra...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fixed an infinite recursive call of clippush. syzbot reported this issue below. 0 This issue occurs when we call ioctlATMARPMKIP more than once. During the first call, clipmkip sets clippush to vcc-push; during the...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Fix possible deadlocks in core system-wide PM code It is reported that in low-memory situations the system-wide resume core code deadlocks, because asyncscheduledev executes its argument function synchronously if it...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
A issue was discovered in the Linux kernel before version 6.6.8. The dovccioctl function in net/atm/ioctl.c has a use-after-free issue due to a race condition involving vccrecvmsg...
CVE-2026-4100
The CVE concerns the Paid Memberships Pro plugin for WordPress, affecting all versions up to 3.6.5. The root cause is missing capability checks on three AJAX handlers: wp_ajax_pmpro_stripe_create_webhook, wp_ajax_pmpro_stripe_delete_webhook, and wp_ajax_pmpro_stripe_rebuild_webhook. This allows a...
CVE-2026-4024 Royal Addons for Elementor <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification
The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...
PT-2026-36609
The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wp ajax pmpro stripe create webhook, wp ajax pmpro stripe delete...
Linux Distros Unpatched Vulnerability : CVE-2026-31719
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: krb5enc - fix async decrypt skipping hash verification krb5encdispatchdecrypt sets req-base.complete as the skcipher callback, which is the caller's own...
CVE-2026-31719
A flaw was found in the krb5enc module of the Linux kernel's crypto subsystem. When performing asynchronous decryption, the krb5encdispatchdecrypt function incorrectly bypasses the integrity verification hash check. This issue occurs because the skcipher completion handler signals completion...
CVE-2026-31713
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...
CVE-2026-43055
The CVE-2026-43055 issue affects the Linux kernel SCSI target: file implementation. The root cause is that target_core_file does not initialize aio_cmd->iocb for ki_write_stream, which can yield a bogus ki_write_stream value during fd_execute_rw_aio() and lead to unintended write failure statu...
CVE-2026-31739
In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTOALGASYNC The tegra crypto driver failed to set the CRYPTOALGASYNC on its asynchronous algorithms, causing the crypto API to select them for users that request only synchronous algorithms. This...
CVE-2026-31739
In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTOALGASYNC The tegra crypto driver failed to set the CRYPTOALGASYNC on its asynchronous algorithms, causing the crypto API to select them for users that request only synchronous algorithms. This...
CVE-2026-31739 crypto: tegra - Add missing CRYPTO_ALG_ASYNC
In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTOALGASYNC The tegra crypto driver failed to set the CRYPTOALGASYNC on its asynchronous algorithms, causing the crypto API to select them for users that request only synchronous algorithms. This...
CVE-2026-31739
CVE-2026-31739 affects the Linux kernel tegra crypto driver. The driver failed to set CRYPTO_ALG_ASYNC on asynchronous algorithms, causing the crypto API to select async paths for users requesting synchronous operations, potentially causing crashes. Mitigation implemented in the patch: explicitly...
CVE-2026-31719 crypto: krb5enc - fix async decrypt skipping hash verification
In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification krb5encdispatchdecrypt sets req-base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this...
EUVD-2026-26528
In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification krb5encdispatchdecrypt sets req-base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this...