1217 matches found
PT-2026-38969
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A synchronization bug exists in the amdgpu dma buf move notify function within the drm/amdgpu component. The issue occurs when a buffer object BO is moved by one process, requiring other...
SUSE CVE-2026-43103
In the Linux kernel, the following vulnerability has been resolved: net: lapbether: handle NETDEVPRETYPECHANGE lapbethdatatransmit expects the underlying device type to be ARPHRDETHER. Returning NOTIFYBAD from lapbethdeviceevent makes sure bonding driver can not break this expectation...
CVE-2026-43103
In the Linux kernel, the following vulnerability has been resolved: net: lapbether: handle NETDEVPRETYPECHANGE lapbethdatatransmit expects the underlying device type to be ARPHRDETHER. Returning NOTIFYBAD from lapbethdeviceevent makes sure bonding driver can not break this expectation...
PT-2026-37413
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the lapbether network driver where the lapbeth data transmit function expects the underlying device type to be ARPHRD ETHER. The issue is addressed by returning NOTIFY B...
AVideo: HTML Injection in notifySubscribers.json.php Allows Platform-Branded Phishing Emails to Channel Subscribers
Summary objects/notifySubscribers.json.php takes the raw message POST parameter and passes it into sendSiteEmail, which substitutes it directly into an HTML email template via strreplace on the message placeholder and renders it with PHPMailer::msgHTML. There is no HTML sanitization, character...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Thermal: int340x – fixed a memory leak in int3400notify The following memory leaks are likely to occur on my TigerLake platform: - Unreferenced object: 0xffff927c8b91dbc0 size 32 Command: “kworker/0:2”, pid 112, jiffies 429489332...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Fixed resource leaks that occur during errors in lineinfochangednotify. During error handling, lineinfochangednotify does not free the allocated resources, resulting in leaks. This issue has been fixed...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: NET: caif: Fixed a use-after-free in cfusbldevicenotify. syzbot reported a use-after-free in cfusbldevicenotify 1. This causes a stack trace like below: BUG: KASAN: Use-after-free in cfusbldevicenotify+0x7c9/0x870,...
Astra Linux – Vulnerability in Mariadb 10.3
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server up to 2021-03-03; and the wsrep patch up to 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUP...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: intel-vbtn – Protect the ACPI notify handler from racing with itself Since the commit e2ffcda16290 “ACPI: OSL: Allow Notify handlers to run on all CPUs”, ACPI notify handlers like intel-vbtn’s notifyhandler may run ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: lapbether: ignore ops-locked netdevs Syzkaller managed to trigger a lock dependency in xsknotify via registernetdevice. As discussed in 0, using registernetdevice in notifiers is problematic, so we skip adding the lapbeth fo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Fuse: Clearing FRSENT when re-adding requests into the pending list The following warning was reported by lee bruce: ---------- Cut here ---------- WARNING: CPU: 0, PID: 8264, at fs/fuse/dev.c:300 fuserequestend+0x685/0x7e0 vs...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: VMCI: Check context-notifypage after the call to getuserpagesfast to avoid GPF. The call to getuserpagesfast in vmcihostunlockedioctl may return NULL for context-notifypage, causing a GPF. To avoid this, check if context-notifypa...
CVE-2026-7518
A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amfnamfcallbackhandlesdmdatachangenotify of the file /namf-callback/v1/id/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The...
EUVD-2026-26542
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsinotifycommon The connector number extracted from CCI via UCSICCICONNECTOR is a 7-bit field 0-127 that is used to index into the connector array in ucsiconnectorchange. However, t...
CVE-2026-31729
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsinotifycommon The connector number extracted from CCI via UCSICCICONNECTOR is a 7-bit field 0-127 that is used to index into the connector array in ucsiconnectorchange. However, t...
CLSA-2026-1777614769 kernel: Fix of 13 CVEs
crypto: algifaead - Fix minimum RX size check for decryption - crypto: afalg - Fix page reassignment overflow in afalgpulltsgl - crypto: authencesn - Fix src offset when decrypting in-place - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption - crypto: authenc - use...
CVE-2026-7518 Open5GS AMF SBI Endpoint sdmsubscription-notify amf_namf_callback_handle_sdm_data_change_notify denial of service
A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amfnamfcallbackhandlesdmdatachangenotify of the file /namf-callback/v1/id/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The...
CVE-2026-7518
A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amfnamfcallbackhandlesdmdatachangenotify of the file /namf-callback/v1/id/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The...
CVE-2026-7518 Open5GS AMF SBI Endpoint sdmsubscription-notify amf_namf_callback_handle_sdm_data_change_notify denial of service
A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amfnamfcallbackhandlesdmdatachangenotify of the file /namf-callback/v1/id/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The...