1086 matches found
CVE-2026-43502
In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently infers zerocopy stat...
UBUNTU-CVE-2026-43502
In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently infers zerocopy stat...
CVE-2026-43502
In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently infers zerocopy stat...
EUVD-2026-31275
In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently infers zerocopy stat...
CVE-2026-43502
The CVE-2026-43502 vulnerability affects the Linux kernel net/rds zerocopy send path. The root cause is incorrect cleanup logic: zerocopy ownership is determined by op_mmp_znotifier, but purge uses rm->m_rs, risking unqueued messages being cleaned up as if they owned normal payload pages. The ...
CVE-2026-43502 net/rds: handle zerocopy send cleanup before the message is queued
In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently infers zerocopy stat...
Missing Authentication for Critical Function
Overview symfony/twilio-notifier is a Symfony Twilio Notifier Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parser in the notifier bridge. An attacker can submit forged webhook status events because the pars...
Missing Authentication for Critical Function
Overview symfony/lox24-notifier is a Symfony LOX24 Notifier Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parsers in the Mailjet maile bridge and LOX24 SMS notifier bridge. An attacker can submit forged...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: lapbether: ignore ops-locked netdevs Syzkaller managed to trigger a lock dependency in xsknotify via registernetdevice. As discussed in 0, using registernetdevice in notifiers is problematic, so we skip adding the lapbeth...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The ability to release a flow rule object from the commit path was added. There is no need to delay this process until the commit phase, as no packets actually traverse this object. It is accessed only from t...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The netlink notifier might race to release objects. The commit release path is invoked via callrcu, and it runs without locking to release the objects after the rcu grace period. The netlink notifier handler...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: slimbus: qcom-ngd: cleanup in the probe error path Added a proper error path in the probe function to clean up resources that were previously acquired/allocated, in order to fix warnings that appear during probe deferral: The...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Registers the VF in netvscprobe if NETDEVICEREGISTER was missed. If the hvnetvsc driver is unloaded and reloaded, the NETDEVICEREGISTER handler cannot successfully register the VF, as the register call is received befor...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Firmware: armscmi: Fixed a slab-use-after-free in scmibusnotifier. The scmidev-name is released prematurely in scmidevicedestroy, which causes a slab-use-after-free when accessing scmidev-name in scmibusnotifier. Therefore, the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: afpacket: moved the notifier’s packetdevmc out of the RCU critical section. Syzkaller reports the following issue: BUG: A sleeping function is called from an invalid context at kernel/locking/mutex.c:578 mutexlock+0x106/0xe80...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: media: v4l2-async: Fixed error handling after finding a match. Once an async connection is found to match an fwnode, a sub-device may be registered if it wasn’t already. Its binding operation is performed, auxiliary links are...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Don't call mmput from MMU notifier callback If the process is exiting, the mmput inside mmu notifier callback from compactd or fork or numa balancing could release the last reference of mm struct to call exitmmap and...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tundetach Syzbot reported a use-after-free in tundetach. This causes a call trace like the following: ================================================================== BUG: KASAN: use-after-free i...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fixed a leak in devfreqdevrelease. The srcuinitnotifierhead function allocates resources that need to be released using a srcucleanupnotifierhead call. Reported by kmemleak...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fixed the use of memory after it is freed in lineinfochangednotify. The use-after-free issue occurs as follows: when the GPIO chip device file is closed by invoking gpiochrdevrelease, the data structure watchedLine...