23700 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtasflash: allows user copy to flash block cache objects With hardened usercopy enabled CONFIGHARDENEDUSERCOPY=y, using the /proc/powerpc/rtas/firmwareupdate interface to prepare a system firmware update results in a BUG:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: F2FS: fixed potential corruption when moving a directory. F2FS also has the same issue in ext4rename, which causes a crash, as revealed by xfstests/generic/707. See also commit 0813299c586b “ext4: Fix possible corruption when...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: Synchronize atomic write aborts To address the race condition between atomic write aborts, I use the inode lock and ensure that the COW inode can be reused throughout the entire lifetime of the atomic file inode...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: – Parsing the DT Device Tree for flashes along with the rest of the DT parsing. The recent refactoring of the code responsible for enabling runtime PM was implemented in the commit f1eb4e792bb1 „spi:...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: The issue was fixed by dropping all dirty pages during umount if cperror is set. The xfstest generic/361 report indicates a bug as follows: f2fsbugonsbi, sbi-fsyncnodenum; Kernel bug located at fs/f2fs/super.c:1627! RIP:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to prevent race conditions during the fsyncentryslab access by multiple f2fs filesystem instances. As reported by syzbot, there is a use-after-free issue during f2fs recovery: A use-after-free occurs when...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed a NULL pointer derefrence in f2fssubmitpagewrite BUG: NULL pointer derefrence in the kernel; address: 0000000000000014 RIP: 0010:f2fssubmitpagewrite+0x6cf/0x780 f2fs Call Trace: ? show regs+0x6e/0x80 ? die+0x29/0x70 ?...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mtd: maps: pxa2xx-flash: fixed a memory leak in the probe function. Added “free ‘info’” upon remapping errors to avoid memory leaks. : Reworded the commit log...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid potential deadlocks. The function f2fstrylockop was used in f2fswritecompressedpages to prevent potential deadlocks, just as we did in f2fswritesingledatapage...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fixed the issue of null pointer dereferencing in ESI. ESI/MSI is a performance optimization feature that provides dedicated interrupts per MCQ hardware queue. This is an optional feature, and UFS MCQ should...
GHSA-9PG3-25FQ-P6CC nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs)
internal/web/operators.go:251 — after handleOperatorCreateAPIKey mints a fresh 32-byte bearer token, the redirect points the operator's browser at: /ui/operators/?newkey=&keyname= The raw API key ends up: - in the browser's URL history - in the Referer header on every cross-origin asset the detai...
CVE-2026-42608
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the sessionid passed as form-flash-id in POST requests, an unauthenticated attacker can traverse the filesystem to create arbitrary directories an...
Linux Distros Unpatched Vulnerability : CVE-2026-46194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix nodecnt race between extent node destroy and writeback f2fsdestroyextentnode does not set FINOEXTENT before clearing extent nodes. When called from...
mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
...
CVE-2026-46175
A flaw was found in the Linux kernel's f2fs filesystem. During Foreground Garbage Collection FGGC of node blocks, the system fails to properly clear internal metadata marks. This can lead to filesystem inconsistencies, where the fsck utility may misinterpret the state of migrated data. A local us...
CVE-2026-46175
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs seq 1 2048 | xargs...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the nodecnt competition between the destruction and write-back operations of extent nodes in f2fs...
CVE-2018-25377 Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH
Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the...
CVE-2018-25377 Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH
Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the...
EUVD-2018-21899
Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the...