Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: uacce: fixed the isolate/sysfs check condition. uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will now create sysfs...

CVE-2025-8860 Qemu-kvm: uefi-vars: information disclosure vulnerability in uefi_vars_write callback

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. Wh...

CVE-2025-8860

CVE-2025-8860 concerns a vulnerability in QEMU’s uefi-vars virtual device. The issue occurs when writing to UEFI_VARS_REG_BUFFER_SIZE, where the kernel/user space allocates a heap buffer without zeroing it, leaving residual data. Later reads from UEFI_VARS_REG_PIO_BUFFER_TRANSFER can disclose thi...

SUSE CVE-2026-23094

In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check condition uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will create sysfs files now. Users...

CVE-2026-23094

In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check condition uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will create sysfs files now. Users...

CVE-2026-23094

CVE-2026-23094 : In the Linux kernel, the uacce subsystem’s device isolation feature creates sysfs files when either isolate_err_threshold_read or isolate_err_threshold_write callbacks exist. The issue was that accessing a non-existent callback could crash the system. The resolution implements a ...

EUVD-2026-5448

In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check condition uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will create sysfs files now. Users...

CVE-2026-23094 uacce: fix isolate sysfs check condition

In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check condition uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will create sysfs files now. Users...

CVE-2026-23094 uacce: fix isolate sysfs check condition

In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check condition uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will create sysfs files now. Users...

CVE-2026-22026

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the libcurl writecallback function in the KMC...

PT-2026-2134

Name of the Vulnerable Software and Affected Versions CryptoLib versions prior to 1.4.3 Description CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP for secure communication between a spacecraft and a ground station. The write...

PT-2025-35349

Name of the Vulnerable Software and Affected Versions qemu affected versions not specified Description The vulnerability involves an information disclosure issue in QEMU. A heap buffer is allocated without being zeroed, potentially exposing residual data from prior allocations. This data can be...

CVE-2024-42328

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...

UBUNTU-CVE-2024-42328

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...

PT-2024-40824 · Flac · Flac

Name of the Vulnerable Software and Affected Versions: FLAC affected versions not specified Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the FLAC replaygain synthesis apply gain function, which is called from the write callback and...

PT-2023-35726 · Git +1 · Flac

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. The crash state...

Null pointer dereference

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference...

curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service application crash or have unspecified othe...