OSWE-Notes

OSWE Exploit Helpers Helper modules for writing OSWE exploit...

SUSE CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

SUSE CVE-2026-46595

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

EUVD-2026-31393

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

PT-2026-42714

Name of the Vulnerable Software and Affected Versions SSH servers affected versions not specified Description SSH servers using CertChecker as a public key callback may experience a panic when a client presents a certificate if IsUserAuthority or IsHostAuthority are not set. A panic is a critical...

Sunshine 信任管理问题漏洞

Sunshine is an Open Source Moonlight-based autonomous gaming streaming host developed by LizardByte. Earlier versions of Sunshine, such as 2026.516.143833, had vulnerabilities related to trust management. These vulnerabilities stemmed from improper handling of OpenSSL verification results. Custom...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: Staging: rtl8712 – fixed bugs related to use after freeing memory. The Read/WriteMACREG callbacks are set to NULL, so the read/writemacreghdl functions do nothing other than freeing the “pcmd” pointer. This results in a...

Astra Linux - уязвимость в qemu

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, which can lead to a NULL pointer dereferencing...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-wmi-sysman: Fixed the retrieval of WMI data blocks in sysfs callbacks. After retrieving WMI data blocks through sysfs callbacks, it is necessary to check the validity of these data blocks before dereferencing...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Block layer: The feature of freezing the request queue from within sysfs store callbacks has been removed. Freezing the request queue may cause a deadlock when combined with the dm-multipath driver and the queueifnopath option...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: PM: core: Keep irq flags in devicepmcheckcallbacks The function devicepmcheckcallbacks can be called under the spin lock in the reported case, it happens from genpdadddevice - devpmdomainset. In this case, the genpd uses spinlock...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fixed a potential NULL dereference in ethtoolsetcoalesce. ethtoolsetcoalesce now uses both .getcoalesce and .setcoalesce callbacks. However, the check for their availability is buggy. Therefore, changing the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: genetlink: Fixed the issue where genlbind invokes bind after -EPERM. Callbacks for binding and unbinding were introduced to enable families to track the presence of multicast group consumers. For example, these callbacks can be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: shaper: Protection is added for late read accesses to the hierarchy. We retrieve a netdev object during the preparation of Netlink operations pre-callbacks, and then we acquire a reference to it. Later, within the body of th...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Do not allow sockmapclose,destroy,unhash to call itself. Proto callback functions in sockmap should never call themselves by design. Protect against bugs like 1 and break out of the recursive loop to avoid a stac...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: crypto: krb5enc – Fix for async decryption skipping hash verification The krb5encdispatchdecrypt function sets req-base.complete as the skcipher callback. This means that when the skcipher completes asynchronously, it signals...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Driver: iio: added missing checks for access to iioinfo’s callbacks. Some callbacks from the iioinfo structure are accessed without any checks. Therefore, if a driver does not implement these callbacks, attempting to access th...