Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fixed the use-after-free of rsvqp on HIP08. Currently, rsvqp is freed before the ibunregisterdevice function is called on HIP08. During this time interval, users can still deregister MR, and rsvqp will be used in this...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: signal: restored the overriderlimit logic Before committing the change d64696905554 “Reimplemented RLIMITSIGPENDING based on ucounts”, the R LIMIT for UCOUNTRLIMITSIGPENDING was not enforced for a certain class of signals. Howeve...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list mlx5wqllpop. For SHAMPO, it is possible to receive CQEs with 0 consumed strides fo...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Fixed the error path in multi-packet WQE transmit. Removed the erroneous unmap if no DMA mapping was established. The multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This may fail, for...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc Generally, the qlen of any classful qdisc should keep track of the number of packets held by the qdisc itself and all its children. In the case of netem, qlen only...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure that the DAID handling is completed before deleting an NPIV instance. Deleting an NPIV instance requires that all fabric ndlps be released before the resources of the NPIV can be destroyed. Failure to release t...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm – injects an error before stopping the queue. The master OOO cannot be completely closed when the accelerator core reports a memory error. Therefore, the driver needs to inject the qm error to close the maste...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fixed deadlock issues with SRQ async events. The xalock function for the SRQ table may be required in AEQ. Use xastoreirq/xaeraseirq to avoid deadlock...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: devmap: provide rxq after redirect rxq contains a pointer to the device from where the redirect happened. Currently, the BPF program that was executed after a redirect via BPFMAPTYPEDEVMAP does not have it set. This is...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: afunix: Update unixsksk-oobskb under the skreceivequeue lock. Billy Jheng Bing-Jhong reported a race condition between unixgc and queueoob. unixgc attempts to garbage-collect closed inflight sockets. If the socket contains MSGOOB...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Packets are queued in the IRQ handler instead of being disabled during the BH handling process. Currently, the driver uses localbhdisable/localbhenable in its IRQ handler to avoid triggering netrxaction in the softir...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211: mesh: Fixed a leak of meshpreqqueue objects The hwmp code uses objects of type meshpreqqueue, which are added to a list in ieee80211ifmesh to track mpath. We need to fix this issue. If the mpath is deleted, the ex...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: mana: Fixed error handling in manacreatetxq/rxq’s NAPI cleanup Currently, the napidisable function is called during the cleanup of rxq and txq, even before napi is enabled and hrtimer is initialized. This causes kernel...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netem: fixed the return value if duplicate enqueue fails. There is a bug in netemenqueue, introduced by the commit 5845f706388a “net: netem: fix skb length BUGON in skbtosgvec”, which can lead to a use-after-free. This commit...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Do not keep the queue frozen during system suspension. The commit 4ce6e2db00de “virtio-blk: Ensure no requests are in the virtqueues before deleting the vqs.” replaces “queue quiesce” with “queue freeze” in virtio-blk...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Added a timeout to the acquisition of the command queue semaphore. This prevents forced completion handling on entries that have not yet been assigned an index, thereby avoiding out-of-bounds access at idx = -22. Instea...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fixed deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional, there is a deadlock with the ‘statelock’ spinlock between ks8851startxmitspi and ks8851irq: Watchdog: BUG: Soft lock...

PT-2025-6244 · Misskey · Misskey

Name of the Vulnerable Software and Affected Versions: Misskey versions 12.109.0 through 2025.2.0-alpha.0 Description: Misskey is an open source, federated social media platform. Due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's...

SQL Injection

Overview yascheduler is a Yet another computing scheduler and cloud orchestration engine Affected versions of this package are vulnerable to SQL Injection in the queuesubmittask function. Remediation Upgrade yascheduler to version 1.0.7 or higher. References - GitHub Commit...

CVE-2021-35095

Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile...