CVE-2026-43373

A flaw was found in the Linux kernel, specifically within the Network Controller Sideband Interface NCSI subsystem. This vulnerability occurs in the NCSI RX and Asynchronous Event Notification AEN handlers, where early return paths fail to release received socket buffers skb when processing inval...

CVE-2026-43373 net: ncsi: fix skb leak in error paths

In the Linux kernel, the following vulnerability has been resolved: net: ncsi: fix skb leak in error paths Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting in a memory leak. Specifically, ncsiaenhandler returns on invalid AEN packets without consuming the...

PT-2026-39034

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Linux kernel within the NCSI RX and AEN handlers. Specifically, the ncsi aen handler function returns on invalid AEN packets without consuming the socket buff...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvme: Fixed a possible use-after-free condition during controller reset during loading. Unlike .queuerq, in .submitasyncevent, drivers may not check the state of ctrl before submitting an AER. This can lead to a use-after-free...

EUVD-2017-8031

Malware in sbrugna...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986400)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986400 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport errorrecovery work While...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987363)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987363 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queuerq, in...

RDMA/hns: Fix UAF for cq async event

...

libevent bug fix update

An update is available for libevent. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libevent packages provide an abstract asynchronous event notification...

DEBIAN-CVE-2022-48790

In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queuerq, in .submitasyncevent drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condition that was observed...

UBUNTU-CVE-2022-48790

In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queuerq, in .submitasyncevent drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condition that was observed...

UBUNTU-CVE-2024-38591

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix deadlock on SRQ async events. xalock for SRQ table may be required in AEQ. Use xastoreirq/ xaeraseirq to avoid deadlock...

Mageia: Security Advisory (MGASA-2024-0079)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2023-52508

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null pointer dereference in nvmefciogetuuid The nvmefcfcpop structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvmefciogetuuid passing a...

[SECURITY] [DLA 3752-1] libuv1 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3752-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk March 05, 2024 https://wiki.debian.org/LTS -...

DEBIAN-CVE-2023-52508

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null pointer dereference in nvmefciogetuuid The nvmefcfcpop structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvmefciogetuuid passing a...

USN-6666-1: libuv vulnerability

It was discovered that libuv incorrectly truncated certain hostnames. A remote attacker could possibly use this issue with specially crafted hostnames to bypass certain checks...

USN-5007-1: libuv vulnerability

Eric Sesterhenn discovered that libuv incorrectly handled certain strings. An attacker could possibly use this issue to access sensitive information or cause a crash...

USN-4548-1: libuv vulnerability

It was discovered that libuv incorrectly handled certain paths. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

CVE-2017-16857

It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the...