17 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: blk-rq-qos: fixed a crash that occurred during the race between rqqoswait and rqqoswakefunction. We are encountering crashes due to rqqoswakefunction, which manifest as follows: BUG: Unable to handle a page fault for address:...
SUSE CVE-2026-3805
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
UBUNTU-CVE-2025-40259
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Do not sleep in atomic context sgfinishremreq calls blkrqunmapuser. The latter function may sleep. Hence, call sgfinishremreq with interrupts enabled instead of disabled...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-50082)
blk-rq-qos: vulnerability in blk-rq-qos can cause a crash due to a race condition between rqqoswait and rqqoswakefunction, which is fixed by ensuring the waitqueue entry is accessed in the correct order. This plugin only works with Tenable.ot. Please visit...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990530)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990530 advisory. In the Linux kernel, the following vulnerability has been resolved: block: prevent division by zero in blkrqstatsum The expression dst-nrsamples + src-nrsamples may...
Siemens SIMATIC Devices Divide By Zero (CVE-2024-35925)
block: prevent division by zero in blkrqstatsum This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503787; scriptversion"1.1";...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-383088)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-383088 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rqqoswait vs. rqqoswakefunction race We're seeing crashes from...
kernel: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rqqoswait vs. rqqoswakefunction race We're seeing crashes from rqqoswakefunction that look like this: BUG: unable to handle page fault for address: ffffafe180a40084 PF: supervisor write access in kernel...
DEBIAN-CVE-2025-37906
In the Linux kernel, the following vulnerability has been resolved: ublk: fix race between iouringcmdcompleteintask and ublkcancelcmd ublkcancelcmd calls iouringcmddone to complete uringcmd, but we may have scheduled task work via iouringcmdcompleteintask for dispatching request, then kernel cras...
UBUNTU-CVE-2025-37906
In the Linux kernel, the following vulnerability has been resolved: ublk: fix race between iouringcmdcompleteintask and ublkcancelcmd ublkcancelcmd calls iouringcmddone to complete uringcmd, but we may have scheduled task work via iouringcmdcompleteintask for dispatching request, then kernel cras...
The vulnerability of the BLK-RQ-QOS component of the Linux operating system, which allows a hacker to trigger a service failure
The vulnerability of the BLK-RQ-QOS component of the Linux operating system’s kernel is related to incorrect blocking in the rqqoswakefunction function in the block/blk-rq-qos.c file. Exploiting this vulnerability could allow an attacker to cause a service failure...
blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
...
DEBIAN-CVE-2024-50082
In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rqqoswait vs. rqqoswakefunction race We're seeing crashes from rqqoswakefunction that look like this: BUG: unable to handle page fault for address: ffffafe180a40084 PF: supervisor write access in kernel...
Biscuit 安全漏洞
Biscuit is a delegated, decentralized, capability-based authorization token from biscuit-auth open source. A security vulnerability exists in Biscuit that stems from a data log that allows a malicious user to trick a third-party authority into generating a key pair with the wrong trust via a forg...
PT-2024-29655 · Unknown · Biscuit-Java
Name of the Vulnerable Software and Affected Versions: biscuit-java versions prior to 4.0.0 Description: The issue concerns the generation of third-party blocks for authentication and authorization tokens in microservices architectures. A malicious user can forge a third-party block request,...
CVE-2024-40925 block: fix request.queuelist usage in flush
In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush Friedrich Weber reported a kernel crash problem and bisected to commit 81ada09cc25e "blk-flush: reuse rq queuelist in flush state machine". The root cause is that we use...
SUSE CVE-2014-0143
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service crash via a crafted catalog size in 1 the parallelsopen function in block/parallels.c or 2 bochsopen function in bochs.c, a large L1 table in the 3 qcow2snapshotloadtmp i...