Lucene search

83 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | views: 1

Astra Linux - vulnerability in binutils

A flaw was discovered in Binutils. The use of an uninitialized field in the struct module module may cause the application to crash and lead to a local denial of service...

CVSS 5.5 | AI score 6.1 | EPSS 0.00024
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | views: 2

Astra Linux - vulnerability in linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed an illegal memory access In the kfdwaitonevents function, the kfdeventwaiter structure is allocated by alloceventwaiters. However, the event field of the waiter structure is not initialized. When the...

CVSS 7.1 | AI score 6.4 | EPSS 0.00041
Exploits: 0 | References: 1

Github Security Blog
added 2026/04/30 8:47 p.m. | views: 4

auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation

Summary: The Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. In practice, this means all Patreon-authenticated users of an application using this library are collapsed into a...

CVSS 9.1 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 6 | Affected Software: 2

Positive Technologies
added 2026/04/30 12:0 a.m. | views: 4

PT-2026-36824

Name of the Vulnerable Software and Affected Versions: auth versions 1.18.0 through 1.25.1; auth versions 2.0.0 through 2.1.1. Description: The Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID instead of deriving a unique ID from the account returned by Patreo...

CVSS 9.1 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 13

UbuntuCve
added 2026/03/25 11:16 a.m. | views: 0

CVE-2026-23335

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdmacreateuserah struct irdmacreateahresp // 8 bytes, no padding u32 ahid; // offset 0 - SET uresp.ahid = ah-scah.ahinfo.ahidx u8 rsvd4; // offset 4 - NEVER SET - LEAK ; rsvd4: 4 bytes of sta...

CVSS 5.5 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 8

RedhatCVE
added 2026/01/09 12:35 p.m. | views: 4

CVE-2023-49062

Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP v4 Too Big packet generation. After a bpfxdpadjusthead call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content ...

CVSS 7.5 | AI score 6.8 | EPSS 0.00178
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/07 12:0 a.m. | views: 1

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000202)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000202 advisory. In the Linux kernel through 5.3.8, f-fmt.sdr.reserved is uninitialized in rcardrifgfmtsdrcap in drivers/media/platform/rcardrif.c, which could cause a memory...

CVSS 5.5 | AI score 6.4 | EPSS 0.00107
Exploits: 0 | References: 4

CNNVD
added 2025/12/16 12:0 a.m. | views: 1

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an uninitialized s-private field that could lead to a null pointer dereference...

AI score 6 | EPSS 0.00024
Exploits: 0 | References: 3

Tenable Nessus
added 2025/10/29 12:0 a.m. | views: 2

Siemens SIMATIC Devices Use of Uninitialized Variable (CVE-2024-26973)

In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fatencodefhnostale encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must be a multiple of 4 so t...

CVSS 5.5 | AI score 6 | EPSS 0.00008
Exploits: 0 | References: 4

Tenable Nessus
added 2025/10/07 12:0 a.m. | views: 1

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-398435)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-398435 advisory. In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fatencodefhnostale encodes file handle...

CVSS 5.5 | AI score 6 | EPSS 0.00008
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | views: 2

EUVD-2023-29530

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.2 | EPSS 0.00022
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | views: 2

EUVD-2023-29527

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.2 | EPSS 0.00024
Exploits: 1 | References: 6

Positive Technologies
added 2025/09/19 12:0 a.m. | views: 2

PT-2025-44117

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified. Description: The Linux kernel contains a flaw within the Squashfs file system related to uninitialized values in the squashfs get parent function. This issue arises when open by handle at is invoked...

CVSS 4.6 | AI score 5.8 | EPSS 0.00063
Exploits: 0

SUSE CVE
added 2025/08/16 11:22 p.m. | views: 1

SUSE CVE-2025-38533

In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix the using of Rx buffer DMA The wxrxbuffer structure contained two DMA address fields: 'dma' and 'pagedma'. However, only 'pagedma' was actually initialized and used to program the Rx descriptor. But 'dma' was...

CVSS 6.1 | AI score 6.6 | EPSS 0.00025
Exploits: 0 | References: 22

OSV
added 2025/08/16 11:12 a.m. | views: 2

CVE-2025-38533 net: libwx: fix the using of Rx buffer DMA

In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix the using of Rx buffer DMA The wxrxbuffer structure contained two DMA address fields: 'dma' and 'pagedma'. However, only 'pagedma' was actually initialized and used to program the Rx descriptor. But 'dma' was...

CVSS 7.8 | AI score 7.5 | EPSS 0.00025
Exploits: 0 | References: 7

Positive Technologies
added 2025/07/14 12:0 a.m. | views: 0

PT-2025-33576

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The wx rx buffer structure contained two DMA address fields: dma and page dma. However, only page dma was initialized and used to program the Rx descriptor, while dma remained...

CVSS 7.8 | AI score 6.1 | EPSS 0.00025
Exploits: 0

RedHat Linux
added 2025/05/28 3:30 a.m. | views: 1

kernel: fat: fix uninitialized field in nostale filehandles

In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles The Linux kernel CVE team has assigned CVE-2024-26973 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050132-CVE-2024-26973-54a3@gregkh/T...

CVSS 5.5 | AI score 6.8 | EPSS 0.00008
Exploits: 0 | References: 5

SUSE CVE
added 2025/05/07 2:19 a.m. | views: 1

SUSE CVE-2022-49865

In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a struct ifaddrlblmsg to the network, ifalreserved remained uninitialized, resulting in a 1-byte infoleak: BUG: KMSAN: kernel-network-infoleak...

CVSS 5.5 | AI score 6.4 | EPSS 0.00051
Exploits: 0 | References: 10

ATTACKERKB
added 2025/05/02 4:15 p.m. | views: 1

CVE-2023-53119

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533outarg properly struct pn533outarg used as a temporary context for outurb is not initialized properly. Its uninitialized 'phy' field can be dereferenced in error cases inside pn533outcomplete...

CVSS 5.5 | AI score 6.1 | EPSS 0.00063
Exploits: 0 | References: 9 | Affected Software: 1

NVD
added 2025/05/02 4:15 p.m. | views: 7

CVE-2023-53119

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533outarg properly struct pn533outarg used as a temporary context for outurb is not initialized properly. Its uninitialized 'phy' field can be dereferenced in error cases inside pn533outcomplete...

CVSS 5.5 | EPSS 0.00063
Exploits: 0 | References: 8