Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: aio: Fixed a use-after-free issue due to missing POLFREE handling. signalfdpoll and binderpoll are special because they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fixed race between aiocancel and AIO request complete FFS-based applications can utilize the aiocancel callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - aio: Fixed the dereferencing of a null pointer in aiocomplete’s wakeup routine. - listdelinitcareful must be the last access to the wait queue entry; this effectively unlocks access to the queue. Previously, finishwait would...

EUVD-2026-35870

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile does not initialize the aiocmd-iocb for the kiwritestream. When the writecommand fdexecuterwaio is executed, we may receive an invalid value for kiwritestream,...

SUSE CVE-2026-43055

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio is executed, we may get a bogus kiwritestream value, causing unintend...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: “aio”: fixed the issue with mremap after a fork operation involving null-dereferencing. The commit e4a0d3e720e7 “aio: Makes it possible to remap the aio ring” introduced a null-dereference if mremap is called on an old aio mappin...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the conversion of struct aiokiocb. The first argument of kiocbset Cancelfn may point to a struct kiocb that is not embedded within struct aiokiocb. With the current code, depending on the compiler,...

CVE-2026-43055

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio is executed, we may get a bogus kiwritestream value, causing unintend...

EUVD-2026-26654

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio is executed, we may get a bogus kiwritestream value, causing unintend...

CVE-2026-43055

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio is executed, we may get a bogus kiwritestream value, causing unintend...

PT-2026-36472

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the target core file component, the aio cmd structure does not properly initialize the iocb for the ki write stream. During the execution of a write command via the fd execute rw aio...

did-sdk-python (>=1.0.0 <=1.1.3), django-ninja-aio-crud (>=1.0.5 <=2.32.0) +9 more potentially affected by CVE-2026-27932 via joserfc (>=0.9.0 <=1.6.1)

joserfc PYPI version =0.9.0, =1.0.0, =1.0.5, =2.5.0, =2.0.0, =3.0.2, =0.1.3, =0.18.1, =0.1.0, =0.9.0, =0.1.0, =0.5.0rc2 Source cves: CVE-2026-27932 Source advisory: OSV:GHSA-W5R5-M38G-F9F9...

did-sdk-python (>=1.0.0 <=1.1.3), django-ninja-aio-crud (>=1.0.5 <=2.32.0) +7 more potentially affected by CVE-2026-27932 via joserfc (>=1.0.0 <=1.6.1)

joserfc PYPI version =1.0.0, =1.0.0, =1.0.5, =2.1.1, =3.0.2, =0.21.2, =0.6.0, =0.9.0, =0.1.0, =0.5.0rc2 Source cves: CVE-2026-27932 Source advisory: SNYK:PYTHON-JOSERFC-15369129...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005440)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005440 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the struct aiokiocb conversion The first kiocbsetcancelfn argument...

CVE-2025-53217

Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through = 2.0.2...

WordPress plugin AIO WP Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000936)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000936 advisory. Double free vulnerability in the ioctxalloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service system crash or...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003706)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003706 advisory. An issue was discovered in aiopoll in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aiopollwake if an expected event is triggered immediately...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000776)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000776 advisory. The aiomount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intende...