Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: Cancel the mesh send timer when the hdev is removed The meshsenddone timer is not canceled when the hdev is removed, which can cause a crash if the timer triggers after the hdev is gone. Cancel the timer when...

Astra Linux - уязвимость в qemu

A flaw was discovered in the implementation of the 9p passthrough filesystem 9pfs in QEMU. The 9pfs server did not prevent the opening of special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared...

CVE-2026-43019

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in setcigparamssync hciconn lookup and field access must be covered by hdev lock in setcigparamssync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hciconn from...

CVE-2025-68657

CVE-2025-68657 affects the ESP-IDF USB Host HID driver. Before version 1.1.0, hid_host_device_close() can free the same usb_transfer_t twice, and the USB event callback shares hid_iface_t state with user code without locking, allowing race conditions that may tear down a READY interface in parall...

CVE-2022-50851 vhost_vdpa: fix the crash in unmap a large memory

In the Linux kernel, the following vulnerability has been resolved: vhostvdpa: fix the crash in unmap a large memory While testing in vIOMMU, sometimes Guest will unmap very large memory, which will cause the crash. To fix this, add a new function vhostvdpageneralunmap. This function will only...

CVE-2022-50833

CVE-2022-50833 relates to the Linux kernel Bluetooth HCI work queue handling. The issue arose when scheduling hdev->{cmd,ncmd}_timer work on the hdev->workqueue during a draining WQ, which could conflict with a destruction-during-queue state. The mitigation involves using the hdev->workq...

Bluetooth: MGMT: cancel mesh send timer when hdev removed

...

CVE-2025-40284 Bluetooth: MGMT: cancel mesh send timer when hdev removed

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed meshsenddone timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like oth...

Linux Distros Unpatched Vulnerability : CVE-2023-53145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: btsdio: fix use after free bug in btsdioremove due to race condition In btsdioprobe, the data-work is bound with btsdiowork. It will be started in...

UBUNTU-CVE-2022-49200

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: Fix kernel oops in btmtksdiointerrupt Fix the following kernel oops in btmtksdiointerrrupt 14.339134 btmtksdiointerrupt+0x28/0x54 14.339139 processsdiopendingirqs+0x68/0x1a0 14.339144 sdioirqwork+0x40/0x70...

NVIDIA Container Toolkit 安全漏洞

NVIDIA Container Toolkit is a container toolkit from NVIDIA, Inc. Allows users to build and run GPU-accelerated containers. A security vulnerability exists in NVIDIA Container Toolkit that stems from the inclusion of an incorrect isolation vulnerability, where a specially crafted container image...

SUSE CVE-2024-54191

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in isoconnbigsync This fixes the circular locking dependency warning below, by reworking isosockrecvmsg, to ensure that the socket lock is always released before calling a function that locks hde...

SUSE CVE-2024-47748

In the Linux kernel, the following vulnerability has been resolved: vhostvdpa: assign irq bypass producer token correctly We used to call irqbypassunregisterproducer in vhostvdpasetupvqirq which is problematic as we don't know if the token pointer is still valid or not. Actually, we use the...

Apache CloudStack 输入验证错误漏洞

Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack suffers from an input validation error vulnerabilit...

Ubiquiti UniFi 命令注入漏洞

Ubiquiti UniFi is a wireless networking system from Ubiquiti USA. A security vulnerability previously existed in UniFi version 7.3.83. An attacker could exploit this vulnerability to execute malicious commands on a recovering host device...

AZL-26983 CVE-2023-1989 affecting package hyperv-daemons for versions less than 5.15.118.1-1

A use-after-free flaw was found in btsdioremove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdioremove with an unfinished job, may cause a race problem leading to a UAF on hdev devices...

SUSE CVE-2019-8934

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest...

CVE-2022-34960

The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host...

CVE-2022-34960

CVE-2022-34960 affects MikroTik RouterOS 7.4beta4 via the container package. An attacker can create mount points to symbolic links that resolve to host locations, allowing mounting of arbitrary files to the host. Impact: high confidentialitiy, integrity, and availability as per CVSS 3.1 (9.8). Ex...

CVE-2021-1800

CVE-2021-1800 is tied to Apple Xcode 12.4. The vulnerability is a path handling issue in on-demand resources that could allow a malicious app to access arbitrary host files when using Xcode. Apple fixed this by improving path validation in Xcode 12.4. The cited sources (Apple advisory HT212153 an...