107 matches found
CVE-2026-53092
CVE-2026-53092 affects the Linux kernel’s BPF subsystem . The root cause is in register delta tracking when the same source and destination registers are used (e.g., rX += rX). In adjust_reg_min_max_vals(), the code mutates the destination in-place, and later, when evaluating the source register,...
Astra Linux – Vulnerability in fly-wm
The vulnerability of the fly-adjust-palette utility in the window graphical manager fly-wm is related to reading data beyond the allowed buffer size. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in fly-wm
The vulnerability of the fly-adjust-palette utility in the window graphical manager fly-wm is related to the manipulation of the zero pointer. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in fly-wm
The vulnerability of the fly-adjust-palette utility in the window graphical manager fly-wm is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjustscalarminmaxvals Kuee reported a corner case where the tnum becomes constant after the call to regboundoffset, but the bounds of the register are not correct. In particular, its...
Astra Linux – Vulnerability in fly-wm
The vulnerability of the fly-adjust-palette utility in the window graphical manager fly-wm is related to reading data beyond the allowed buffer size. Exploiting this vulnerability allows an attacker to cause a service failure...
CVE-2026-43499
The CVE-2026-43499 issue concerns the Linux kernel rtmutex path where remove_waiter() operated on current during dequeue in rt_mutex_start_proxy_lock() via futex_requeue(). This caused: (1) rbtree dequeue without waiter::task::pi_lock, (2) waiter task pi_blocked_on not cleared (dangling pointer, ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: For TCP sockets with the TCPSYNRECV status, the function shutdownSENDSHUTDOWN is delayed. The TCPSYNRECV state is actually special; it is only used by cross-syn connections, and is mostly exploited by attackers. In the following...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: kprobes/x86: Use copyfromkernelnofault to read from an unsafe address. Reading from an unsafe address using copyfromkernelnofault in archadjustkprobeaddr is allowed because this function is called before checking whether the...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose-height boundary issue Syzkaller identified a bug: BUG: Unable to handle page faults for address: ffffc9000a3b1000 PF: Supervisor write access in kernel mode PF: Errorcode0x0002 – Not-present page PGD...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: core: The unnecessary framesz check in bpfxdpadjusttail has been removed. Syzkaller reported the following issue: ======================================= “Too big” – xdp-framesz = 131072 WARNING: CPU: 0, PID: 5020, at...
Malicious code in @antv/adjust (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@2nova/wu-ui (>=1.1.0 <=1.3.12), @action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5) +2009 more potentially affected by unknown CVE via @antv/adjust (>=0.0.7 <=0.2.5)
@antv/adjust NPM version =0.0.7, =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.0.1-beta, =0.1.2, =0.1.0, =0.5.0-alpha.0, =0.1.0, =0.5.0-alpha.0, =0.5.0-alpha.0, =0.1.0, =0.1.0, =1.0.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVADJUST-16754377...
SUSE CVE-2026-43464
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag correct...
CVE-2026-43465
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011304)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011304 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-iocost: use spinlockirqsave in adjustinuseandcalccost adjustinuseandcalccost use spinlockirq...
CVE-2025-54550
The example examplexcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...
CLSA-2026-1771239384 kernel: Fix of 75 CVEs
net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit CVE-2025-39766 - NFSD: Avoid calling OPDESC with ops-opnum == OPILLEGAL CVE-2023-53680 - scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow CVE-2023-53676 - KVM: x86: use arrayindexnospec with indices that come from...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a miscalculation of non-block-aligned locations by the iomapadjustreadrange function, which could lead to...
EUVD-2023-60290
In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary framesz check in bpfxdpadjusttail Syzkaller reported the following issue: ======================================= Too BIG xdp-framesz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121...