Lucene search
26 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The “binding mark” of a reused connection was unset. Steve French reported a null pointer dereference error from the sha256 lib. cifs.ko can send session setup requests on reused connections. If...

CVSS 5.5, AI score 6.2, EPSS 0.00024
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-23475

Malicious code in bioql PyPI...

CVSS 5.5, AI score 6.8, EPSS 0.00017
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-13094

Malicious code in bioql PyPI...

AI score 7.2, EPSS 0.00088
Exploits 0, References 10
CNNVD
added 2025/09/18 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a premature release of cfile in the cifs module, which could lead to a use after free...

CVSS 7.8, AI score 5.9, EPSS 0.00018
Exploits 0, References 5
SUSE CVE
added 2025/07/26 11:21 p.m., 1 views

SUSE CVE-2025-38379

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning when reconnecting channel. When reconnecting a channel in smb2_reconnect_server(), a dummy tcon is passed down to smb2_reconnect() with ->query_interface uninitialized, so we can't call queue_delayed_work() on it. Fix...

CVSS 5.5, AI score 6.4, EPSS 0.00065
Exploits 0, References 21
OSV
added 2025/07/25 1:15 p.m., 1 views

AZL-65780 CVE-2025-38379 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning when reconnecting channel. When reconnecting a channel in smb2_reconnect_server(), a dummy tcon is passed down to smb2_reconnect() with ->query_interface uninitialized, so we can't call queue_delayed_work() on it. Fix...

CVSS 5.5, AI score 5.6, EPSS 0.00065
Exploits 0, References 1
Positive Technologies
added 2025/06/18 12:0 a.m., 2 views

PT-2025-27954 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the version that includes the fix for the max sge overflow in smb extract folioq to rdma Description: A vulnerability has been resolved in the Linux kernel related to the max sge overflow in smb extract folioq t...

CVSS 6, AI score 6.5, EPSS 0.00052
Exploits 0, References 16
NVD
added 2025/05/01 3:16 p.m., 5 views

CVE-2022-49822

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, then the module refcnt leak since the cifsd kthread not exit. Also leak the fscache info, and for next mount with fsc, it...

CVSS 5.5, EPSS 0.00065
Exploits 0, References 4
NVD
added 2025/05/01 1:15 p.m., 4 views

CVE-2025-23143

In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro 0 and waited a few seconds, I observed two LOCKDEP splats: a warning immediately followed by a null-ptr-deref. 1 Reproduction Steps: 1 Mount CIFS...

CVSS 5.5, EPSS 0.00088
Exploits 0, References 11
CVE
added 2025/05/01 12:55 p.m., 83 views

CVE-2025-23143

CVE-2025-23143 is a Linux kernel issue where unloading a module (e.g., CIFS/NFS) can race with a TCP socket still alive, leading to a NULL pointer dereference in lockdep when hlock_class() is called after the module is gone. The root cause is that CIFS assigns a different lock class to the socket...

CVSS 5.5, AI score 6.2, EPSS 0.00088
Exploits 0, References 11, Affected Software 1
Cvelist
added 2025/05/01 12:55 p.m., 12 views

CVE-2025-23143 net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.

In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro 0 and waited a few seconds, I observed two LOCKDEP splats: a warning immediately followed by a null-ptr-deref. 1 Reproduction Steps: 1 Mount CIFS...

EPSS 0.00088
Exploits 0, References 9
OSV
added 2025/05/01 12:55 p.m., 5 views

CVE-2025-23143 net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.

In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro 0 and waited a few seconds, I observed two LOCKDEP splats: a warning immediately followed by a null-ptr-deref. 1 Reproduction Steps: 1 Mount CIFS...

CVSS 5.5, AI score 6, EPSS 0.00088
Exploits 0, References 13
Positive Technologies
added 2025/04/09 12:0 a.m., 1 views

PT-2025-18397

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A null pointer dereference issue has been identified in the Linux kernel. The problem occurs when the CIFS module is unloaded while a TCP socket is still alive, causing a discrepancy...

CVSS 5.5, AI score 6.9, EPSS 0.00088
Exploits 0
Cvelist
added 2025/03/27 4:43 p.m., 6 views

CVE-2023-53006 cifs: Fix oops due to uncleared server->smbd_conn in reconnect

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uncleared server->smbd_conn in reconnect. In smbd_destroy(), clear the server->smbd_conn pointer after freeing the smbd_connection struct that it points to so that reconnection doesn't get confused...

EPSS 0.00009
Exploits 0, References 6
NVD
added 2025/01/11 1:15 p.m., 12 views

CVE-2024-54680

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits 0
CVE
added 2025/01/11 12:35 p.m., 149 views

CVE-2024-54680

Summary: Astra Linux security bulletin links CVE-2024-54680 to a CIFS/SMB client issue in the Linux kernel related to TCP timer handling and netns lifetimes. The advisory states that a prior fix (“smb: client: fix TCP timers deadlock after rmmod”) was reverted, which inadvertently reintroduced a ...

AI score 6.5
Exploits 0
Vulnrichment
added 2024/11/05 5:10 p.m., 1 views

CVE-2024-50119 cifs: fix warning when destroy 'cifs_io_request_pool'

In the Linux kernel, the following vulnerability has been resolved: cifs: fix warning when destroy 'cifs_io_request_pool'. There's an issue as follows: WARNING: CPU: 1 PID: 27826 at mm/slub.c:4698 free_large_kmalloc+0xac/0xe0 RIP: 0010:free_large_kmalloc+0xac/0xe0 Call Trace: ? __warn+0xea/0x330...

AI score 7.6, EPSS 0.00069
Exploits 0, References 2
CNNVD
added 2024/11/05 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure of the cifs module to properly handle memory pools when destroying cifs_io_request_pool, which coul...

CVSS 5.5, AI score 6.5, EPSS 0.00069
Exploits 0, References 3
CVE
added 2024/08/17 9:9 a.m., 110 views

CVE-2024-42307

Technical details about CVE-2024-42307 (affected product, vulnerable component, impact, or remediation) are not provided in the supplied documents. Monitor for updates from official advisories.

CVSS 5.5, AI score 6.6, EPSS 0.00017
Exploits 0, References 5, Affected Software 1
CNNVD
added 2024/05/21 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a use-after-free vulnerability in the cifs module...

CVSS 7.8, AI score 6.3, EPSS 0.00016
Exploits 0, References 5