651 matches found
UBUNTU-CVE-2026-53321
In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...
CVE-2026-53321
CVE-2026-53321 : In the Linux kernel, the io_uring/napi path was missing a cap on the maximum polling time when no events are found. The issue arises from napi potentially polling for longer than reasonable times, leading to task stagnation without conditional rescheduling. A fix caps the total b...
PT-2026-53020
Name of the Vulnerable Software and Affected Versions python-engineio versions prior to 4.13.2 Description Two specific configurations of the server fail to verify the size of incoming messages before loading them into memory, which can lead to excessive memory allocations. This occurs during POS...
PT-2026-52960
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the io uring/napi component where there is no limit on the maximum time napi can poll when no events are found. This lack of a cap can lead to kernel complaints...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed the destruction of kthread workers in polling mode. The cleanup order in polling mode irq worklist and WARNON!listempty&worker-delayedworklist. The original code called kthreadDestroyWorker before...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use deltimersync instead of deltimer in the fw reset flow of the halting poll. Replace deltimer with deltimersync in the fw reset polling activation flow. This prevents a race condition that occurs when deltimer is call...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: sched/psi: The use of kernfs polling functions for PSI trigger polling was incorrect. Destroying the psitriggerdestroy in cgroupfilerelease causes a Use-After-Free UAF issue when a cgroup is removed from a polling process. This...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: Fixed the requirement that devices managed by PME polling must be in the RPMACTIVE state. The fix notes that devices managed by runtime PM need to be in the RPMACTIVE state for PME polling. In fact, only devices in low-power...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm: Check that output polling is initialized before disabling it. In drmkmshelperpolldisable, check that output polling is initialized before disabling polling. If not, flag this as a warning. Additionally, in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: Broadcom – bcm4908enet: Updates TX statistics after actual transmission. Queuing packets does not guarantee their transmission. Updates TX statistics after the hardware confirms that it is consuming the submitted data. This...
CVE-2025-40904
A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...
SUSE CVE-2026-45968
In the Linux kernel, the following vulnerability has been resolved: cpuidle: Skip governor when only one idle state is available On certain platforms PowerNV systems without a power-mgt DT node, cpuidle may register only a single idle state. In cases where that single state is a polling state sta...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: igb: The napisynchronize function was removed from igbdown. When an AFXDP zero-copy application terminates abruptly e.g., using kill -9, the XSK buffer pool is destroyed, but NAPI polling continues. The igbcleanrxirqzc functio...
Linux Distros Unpatched Vulnerability : CVE-2026-43293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: chips-media: wave5: Fix kthread worker destruction in polling mode Fix the cleanup order in polling mode irq worklist and...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021652)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021652 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on...
CVE-2025-40904
A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...
CVE-2025-40904
The CVE-2025-40904 issue is a Stored HTML Injection in the Smart Polling feature. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags via sync; when a victim opens the affected remote strategy, injected HTML can render in their browser and enabl...
CVE-2025-40904 HTML injection in Smart Polling in Guardian/CMC before 26.1.0
A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...
EUVD-2025-209895
A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...
CVE-2025-40904 HTML injection in Smart Polling in Guardian/CMC before 26.1.0
A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...