144 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - firmware: stratix10-rsu: Fix NULL deref on rsusendmsg timeout in probe rsusendmsg can return -ETIMEDOUT when waitforcompletioninterruptibletimeout fires while t...
EUVD-2026-31685
Hackney: ssl:connect/2 post-handshake upgrade has no timeout...
CVE-2026-53204
In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL deref on rsusendmsg timeout in probe rsusendmsg can return -ETIMEDOUT when waitforcompletioninterruptibletimeout fires while the SMC call is still pending. In stratix10rsuprobe, the error paths f...
CVE-2026-53204
The CVE-2026-53204 issue concerns the Linux kernel firmware for Stratix 10 RSU (rsu_send_msg timeout). When wait_for_completion_interruptible_timeout() times out while an SMC call is pending, rsu_send_msg() could lead to a NULL dereference in stratix10_rsu_probe() due to error-path handling that ...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad – Fixing timeout handling When the CPU on which the QSPI interrupt handler runs typically CPU 0 is excessively busy, it can lead to rare cases where the IRQ thread does not run before the transfer timeout is...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: dm: removed the fake timeout to avoid leaking requests. Since commit 15f73f5b3e59 “blk-mq: moved failure injection out of blkmqcompleterequest”, drivers are responsible for calling blkshouldfaketimeout at appropriate code paths a...
PT-2026-47306
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/vkms component where the vblank timer implementation differs from the standard DRM implementation. The vblank timer utilizes the handle vblank timeout function...
EUVD-2025-210057
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthorgpuflushcaches failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can recov...
PT-2026-45985
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/panthor component where the memory subsystem can become blocked, causing flush operations to never complete. This state can be triggered by buggy GPU jobs...
PT-2026-43940
Content removed...
CVE-2026-47071
Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...
CVE-2026-47077 Unbounded body accumulation in HTTP/3 response loop in hackney
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...
CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney
Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...
EEF-CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney
Summary Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/...
Edimax EW-7438RPn 命令注入漏洞
The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Version 1.12 of the Edimax EW-7438RPn has a command injection vulnerability. This vulnerability stems from improper handling of the parameter maxConn/timeOut in the formConnectionSetting function of the Setti...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fixed a race condition between ufshcdmcqabort and the ISR. If a command timeout occurs and the cq complete IRQ is raised at the same time, ufshcdmcqabort clears the lprb-cmd, and a NULL pointer dereferencing occu...
Astra Linux – Vulnerability in Xen
Inappropriate x86 IOMMU timeout detection/handling: IOMMU processes commands that are issued in parallel with the operation of the CPUs that issue those commands. In the current implementation in Xen, asynchronous notifications of the completion of such commands are not used. Instead, the issuing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfcgetsfpinfo The MBXTIMEOUT return code is not properly handled in lpfcgetsfpinfo, and the routine unconditionally frees the submitted mailbox commands, regardless of the return status. Th...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fixed handling of connection failures In cases where immediate MPA Memory Protection Area request processing fails, the newly created endpoint unlinks from the listening endpoint and becomes ready to be dropped. This...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: do not free live element Pablo reported a crash when processing large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: addelem"00000000" timeout 100 ms ... addelem"0000000X"...