rxrpc: Only put the call ref if one was acquired

...

CVE-2026-31638

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpcinputpacketonconn can process a to-client packet after the current client call on the channel has already been torn down. In that case chan-call is NULL, rxrpctrygetcall retur...

CVE-2026-31638

The CVE-2026-31638 issue affects the Linux kernel rxrpc subsystem. When a client call on a channel has already been torn down, rxrpc_input_packet_on_conn() could still process a to-client packet; rxrpc_try_get_call() could return NULL and there would be no reference to drop. The code path then un...

CVE-2023-53621

In the Linux kernel, the following vulnerability has been resolved: memcontrol: ensure memcg acquired by id is properly set up In the eviction recency check, we attempt to retrieve the memcg to which the folio belonged when it was evicted, by the memcg id stored in the shadow entry. However, ther...

Duo Wins $50K Bug Bounty for Supply Chain Flaw in Newly Acquired Firm

Researchers earned a $50,500 Bug Bounty after uncovering a critical supply chain flaw in a newly acquired firm,…...

kernel: memcontrol: ensure memcg acquired by id is properly set up

In the Linux kernel, the following vulnerability has been resolved: memcontrol: ensure memcg acquired by id is properly set up In the eviction recency check, we attempt to retrieve the memcg to which the folio belonged when it was evicted, by the memcg id stored in the shadow entry. However, ther...

Epik, the Far Right's Favorite Web Host, Has a Shadowy New Owner

Known for doing business with far-right extremist websites, Epik has been acquired by a company that specializes in helping businesses keep their operations secret...

Privilege Escalation

github.com/stolostron/governance-policy-propagator is vulnerable to Privilege Escalation. In a formed policy, the library makes it possible for dynamically acquired policies to leverage cluster scoped access, enabling a local attacker to access resources from the namespace where the policy was...

500M Avira Antivirus Users Introduced to Cryptomining

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isnt alone in this dubious endeavor: Avira antivirus -- which has built a base of 500 million users worldwide...

ActivIdentity 8.2 Unquoted Service Path

Exploit Title: ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2021-03-21 Software Version : ActivIdentity 8.2 Vendor Homepage : https://www.hidglobal.com/ Tested on OS: Windows 7 Pro ActivIdentity was Acquired by HID Global in Octuber 2010...

ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path

Exploit Title: ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2021-03-21 Software Version : ActivIdentity 8.2 Vendor Homepage : https://www.hidglobal.com/ Tested on OS: Windows 7 Pro ActivIdentity was Acquired by HID Global in Octuber 2010...

Trojanized Security Software Hits South Korea Users in Supply-Chain Attack

Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools RATs on target systems. Attributing the operation to the Lazarus Group, also known as Hidden...

Code injection

PIVX through 3.1.03 a chain-based proof-of-stake cryptocurrency allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk...

Snapchat: Takeover 2 MAIN DOMAINS of a company Acquired by Snapchat

Hi, As you may realize I noted "Domain" and not subdomain because actually, I was able to take over the MAIN domain of a company Acquired by Snapchat. As you can see in the screenshot below, when you type "Addlive" in Google https://goo.gl/EAxBaj , the first two results will be: F261984 First one...

St. Jude Patches Additional Cardiac Device

St. Jude Medical has patched a vulnerability in another Merlin@home Transmitter medical device vulnerable to a man-in-the-middle attack. The medical device maker issued an update on Monday for its Merlin@home Transmitter “inductive” models, expanding the number of devices impacted by a...

Sun.com (Oracle Sun Microsystems) vulnerable to SQL Injection

Sun.com Oracle Sun Microsystems vulnerable to SQL Injection Sun Microsystems, Inc. was a company selling computers, computer components, computer software, and information technology services. Sun was founded on February 24, 1982. Prior to the acquistition by Oracle its headquarters were in Santa...