1974 matches found
RHSA-2026:28385 Red Hat Security Advisory: Satellite 6.18.6 Async Update
Bulletin has no description...
CVE-2026-47141
A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. Prior to version 3.11.4, NodeVM, a component of vm2, improperly exposed certain process-wide observability builtins, such as diagnosticschannel, asynchooks, and perfhooks. These builtins, which are designed for...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Cleanup of potential nfsdfile refcount leaks in the COPY code path. There are two different versions of the nfsd4copy structure. One is embedded within the compound structure and is used directly in synchronous copies. T...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Firmware: stratix10-rsu: Fixed a NULL pointer dereference issue when RSU is disabled. When the Remote System Update RSU is not enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: tegra – Added the missing CRYPTOALGASYNC flag. The tegra crypto driver failed to set CRYPTOALGASYNC for its asynchronous algorithms. As a result, the crypto API would select these algorithms for users who request only...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed a possible use-after-free in the async command interface The mlx5cmdcleanupasyncctx function should only return after all its callback handlers are completed. Before this patch, there was a race between...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1, Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: TLS: Fixed a race condition between TX work scheduling and socket closure. Similar to previous commits, the submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler’s call completes. Reordering the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm: Do not accidentally unreference the same framebuffer multiple times due to deadlock handling. If a deadlock occurs after the fb lookup in drmmodepageflipioctl, we proceed to unreference the fb and then retry the entire proce...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The commit mutex should not be released during the critical section between nftgcseqBegin and nftgcseqEnd. Otherwise, the async GC worker could collect expired objects and obtain the released commit lock with...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Driver Core: Fixed a potential deadlock in driverattach. In the driverattach function, there is also an AA deadlock issue, similar to the commit b232b02bf3c2 "Driver Core: Fix Deadlock in deviceattach". The stack trace is as...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Binder: Fixed an issue where asyncfreespace accounting for empty parcels was incorrect. In version 4.13, commit 74310e06be4d “android:binder: Move buffer out of area shared with user space” fixed a issue related to the visibility...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa – Fix for the asyncdisable descriptor leak The paths for disabling asyncdisable in functions like iaacompress and decompress do not free the idxd descriptors when asyncdisable is set. Currently, this issue only occurs...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed a race condition between the async reclaim worker and closectree Syzbot reported an assertion failure due to an attempt to add a delayed iput after setting BTRFSFSSTATENODELAYEDIPUT in the fsinfo state: WARNING:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nvmet: moving async event work off nvmet-wq For the target function nvmetctrlfree, the variable ctrl-asynceventwork is flushed. If nvmetctrlfree runs on nvmet-wq, the flush re-enters the workqueue completion for the same worker. ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: idpf: fixed the PREEMPTRT raw/bh spinlock nesting issue for async VC handling The code has been changed to use a local lock instead of the raw spinlock provided by the completion structure in the idpfvcxn struct. This conversion ...
Astra Linux – Vulnerability in Xen
x86: TSX Async Abort protections are not restored after S3. This issue relates to the TSX Async Abort speculative security vulnerability. For more details, please refer to https://xenbits.xen.org/xsa/advisory-305.html. To mitigate TAA by disabling TSX the default and preferred option, it is...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Driver core: Fixed a deadlock in deviceattach. In the deviceattach function, the lock-holding logic is as follows: … deviceattach devicelockdev // Get the lock for dev asyncscheduledevdeviceattachasynchelper, dev; // Function cal...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: The reference to cephstring should be placed correctly after the asynccreate attempt. The reference obtained by tryprepasynccreate is currently being leaked. Ensure that we place this reference correctly...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in QEMU. The async nature of hot-unplug allows for a race condition, where the net device backend is cleared before the virtio-net PCI frontend is unplugged. A malicious guest could exploit this time window to trigger an assertion and cause a denial of service...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: tc358743 – The v4l2 async device is registered only after a successful setup. Ensure that the device has been set up correctly before registering the v4l2 async device, thereby allowing userspace to access it...