16822 matches found
CVE-2026-9136
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...
EUVD-2026-31151
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: SELinux: The use of both GFPKERNEL and GFPATOMIC in convertcontext was enabled. The following warnings were triggered in a hardware environment: SELinux: Converting 162 SID table entries… BUG: A sleeping function was called fr...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: accel/ivpu: Fixed a page fault in ivpubounbindallbosfromcontext...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Avoid out-of-bounds access in decodepreauthctxt. Ensure that the address of pnegctxt-HashAlgorithms lies within the SMB request boundary. deassemblenegcontexts only checks that the eight-byte smb2negcontext header plus...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: ufs: core: mcq: Fix for the deadlock issue caused by &hwq-cqlock When the ufscdhandleerrhandler function is executed, the CQ event interrupt may enter a waiting state for the same lock. This can occur in...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed a leak of the rxgk context in rxgkverifyresponse. Fixed rxgkverifyresponse to clean up the rxgk context it creates...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fixed atomic context locking issue The ncmsetalt function was holding a mutex to prevent race conditions with configfs. This function invokes the mightsleep function within an atomic context. The struct pointer...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: BPF: Added checks for skisinet and ISICSK in tlsswhasctxtx/rx. With the introduction of support for vsock and Unix sockets in sockmap, tlsswhasctxtx/rx cannot assume that the socket passed in must be of type ISICSK. Sockets of...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: API – Use a work queue in cryptoDestroyInstance. The function cryptoDropSpawn is expected to be called from the process context. However, when an instance is not registered while it still has active users, the last user m...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: led: qcom-lpg: Fixed sleeping in atomic operations The lpgh brightnessset function can enter a sleeping state, while the led’s brightnessset callback must be non-blocking. The LPG driver should use brightnesssetblocking instea...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: mmc: vub300: fix warning – do not call blocking ops when !TASKRUNNING vub300enablesdioirq works with a mutex and requires TASKRUNNING. Ensure that we mark the current context as TASKRUNNING for sleepable contexts. 77.554641 Do...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: coresight: cti: Fixed a hang that occurred in ctidisablehw and ctienablehw. These functions are called from an atomic context, so they should not use runtime PM, as it can result in a sleep when communicating with the firmware...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: The spinlock is used as a lock for protecting the context list. Previously, a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block. Th...
Astra Linux - уязвимость в opensc
The contextcreate function in ctx.c, within libopensc in OpenSC 0.19.0, has a memory leak, as evidenced by a call from eidenv...
Astra Linux – Vulnerability in Linux
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in orde...
Astra Linux - уязвимость в firefox
When a user opened the Web Extensions context menu, the Web Extension could access the post-redirect URL of the clicked element. If the Web Extension did not have the necessary WebRequest permissions for the hosts involved in the redirection, this would constitute a same-origin violation, allowin...
Astra Linux - уязвимость в linux, linux-5.10
A heap-based buffer overflow flaw was discovered in the way the legacyparseparam function in the Linux kernel’s Filesystem Context functionality verifies the length of the supplied parameters. A non-privileged user if non-privileged user namespaces are enabled, otherwise requiring CAPSYSADMIN...
Astra Linux - уязвимость в firefox, thunderbird
If an attacker were able to corrupt the methods of an Array object in JavaScript through prototype pollution, they could have executed JavaScript code under their control in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0, and...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: perf: Fixed list corruption in perfcgroupswitch. There is list corruption in cgrpcpuctxlist. This occurs at the following path: perfcgroupswitch: listforeachentrycgrpcpuctxlist cpuctxschedin ctxschedin ctxpinnedschedin...