Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: fixed an UaF issue in listener shutdown According to Christoph’s report after refactoring the passive socket initialization, the mptcp listener shutdown path is vulnerable to an UaF issue. BUG: KASAN: use-after-free in...

EUVD-2015-8809

Malware in sbrugna...

EUVD-2024-24108

Malicious code in bioql PyPI...

CVE-2025-37878

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARNON!ctx in freeevent for partial init Move the getctxchildctx call and the childevent-ctx assignment to occur immediately after the child event is allocated. Ensure that childevent-ctx is non-NULL before any...

CVE-2023-53088

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp listener shutdown path is prone to an UaF issue. BUG: KASAN: use-after-free in...

CVE-2023-53088 mptcp: fix UaF in listener shutdown

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp listener shutdown path is prone to an UaF issue. BUG: KASAN: use-after-free in...

CVE-2023-52929

In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix cleanup after devsetname If devsetname fails, we leak nvmem-wpgpio as the cleanup does not put this. While a minimal fix for this would be to add the gpiodput call, we can do better if we split deviceregister, an...

CVE-2022-49076

CVE-2022-49076 concerns the Linux kernel RDMA/hfi1 subsystem. The issue is a use-after-free in the mm struct lifecycle: under certain conditions (e.g., MPI_Abort), hfi1_mmu_rb_unregister() may drop the last reference to a task mm, freeing it before its final use in hfi1_release_user_pages. This c...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from watchqueuesetsize error cleanup code not handling null pointers...

CVE-2024-56673

In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Do not call pmd dtor on vmemmap page table teardown The vmemmap's, which is used for RV64 with SPARSEMEMVMEMMAP, page tables are populated using pmd page middle directory hugetables. However, the pmd allocation is not...

CVE-2024-56673

Technical details about CVE-2024-56673 are not provided in the supplied documents. Monitor for updates from the vendors/security advisories for affected products, fixes, and mitigations.

CVE-2023-52731

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix invalid page access after closing deferred I/O devices When a fbdev with deferred I/O is once opened and closed, the dirty pages still remain queued in the pageref list, and eventually later those may be processed in t...

SUSE CVE-2021-47427

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix iscsitask use after free Commit d39df158518c "scsi: iscsi: Have abort handler get ref to conn" added iscsigetconn/iscsiputconn calls during abort handling but then also changed the handling of the case where we...

kernel: mptcp: fix UaF in listener shutdown

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp listener shutdown path is prone to an UaF issue. BUG: KASAN: use-after-free in...

CVE-2023-52731 fbdev: Fix invalid page access after closing deferred I/O devices

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix invalid page access after closing deferred I/O devices When a fbdev with deferred I/O is once opened and closed, the dirty pages still remain queued in the pageref list, and eventually later those may be processed in t...

UBUNTU-CVE-2021-47427

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix iscsitask use after free Commit d39df158518c "scsi: iscsi: Have abort handler get ref to conn" added iscsigetconn/iscsiputconn calls during abort handling but then also changed the handling of the case where we...

kernel: drm/amdgpu: Fix sdma v4 sw fini error

An invalid pointer dereference flaw was found in the Linux kernel AMD GPU SDMA v4 driver's cleanup code. On systems with SDMA 4.2.2 hardware, driver unload or system shutdown triggers the sdmav40swfini cleanup path, which attempts to release firmware using an uninitialized or corrupted pointer,...

CVE-2024-26846 nvme-fc: do not wait in vain when unloading module

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvmedeletectrl and idadestroy has bee...

CVE-2024-26846 nvme-fc: do not wait in vain when unloading module

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvmedeletectrl and idadestroy has bee...

CVE-2023-52520 platform/x86: think-lmi: Fix reference leak

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned which needs to be disposed accordingly using kobjectput. Move the setting name validation...