3056 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Marking hrtimers to expire in hard interrupt context Similar to commits 2c0d278f3293f “KVM: LAPIC: Marking hrtimers to expire in hard interrupt context” and 9090825fa9974 “KVM: arm/arm64: Letting timers expire in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: sched/fair: Fixed an error in reweightentity. Syzbot detected a GPF in reweightentity. This issue has been fixed in commit 4ef0c5c6b5ba “kernel/sched: Fixed the issue where schedfork accesses an invalid schedtaskgroup”. There ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sched/ext: Fixed invalid task state transitions during class switching. When enabling the schedext scheduler, it is possible to trigger invalid task state transitions, resulting in warnings like the following which can be easily...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Blink Task Scheduling in Google Chrome before version 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netsched: Prevent the creation of classes with TCHROOT. The function qdisctreereducebacklog uses TCHROOT as a termination condition when traversing the qdisc tree to update parent backlogs. However, if a class is created with...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is counted as a MMCID user before it becomes visible in the process’ thread list and the global task list. This causes the following issue: CPU1 CPU2 for...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arch/arm64: Fixed the topology initialization for core scheduling Arm64 systems rely on storecputopology to call updatesiblingsmasks, in order to transfer the topology information to the various CPU masks. This must be done befor...
Siemens RUGGEDCOM RST2428P Race Condition (CVE-2025-40258)
"In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
SUSE CVE-2026-46331
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...
OpenStack Nova: Nova scheduler hint injection bypasses Placement resource claims and scheduling constraints
Affects - Nova: =18.0.0 =32.0.0 =33.0.0 33.0.2 Description Erichen from the Institute of Computing Technology, Chinese Academy of Sciences reported that Nova's server create API does not strip internal scheduler hints. An authenticated user can bypass Placement resource claims and scheduling...
USN-8434-1 nova vulnerability
It was discovered that Nova did not strip internal nova-prefixed scheduler hints supplied by users on instance creation. An attacker could possibly use this issue to bypass Placement resource claims and scheduling constraint enforcement...
CVE-2026-46331
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...
CVEAlertor
CVEAlertor Get an instant Telegram alert the moment a new C...
CVE-2026-46319
In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...
CVE-2026-46319
In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...
Linux Distros Unpatched Vulnerability : CVE-2026-46319
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and...
PT-2026-47756
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the act ct component of the Linux kernel. The problem occurs in the tcf ct flow table get function when looking up a flow table. The function...
EulerOS Virtualization 2.12.0 : kernel (EulerOS-SA-2026-2102)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : netfilter: ctnetlink: remove refcounting in expectation dumpersCVE-2025-39764 nvme: nvme-fc: Ensure -ioerrwork is cancelled in...
CVE-2026-10529
A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can...
CVE-2026-5753
The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmveSchedulesController::save' handler for 'adminpostai1wmscheduleeventsave' not verifying user capabilities before saving...