CVE-2026-43060

The CVE-2026-43060 issue affects the Linux kernel netfilter component (nft_ct). When the nft_ct module is removed, packets enqueued in nfqueue may retain stale references to conntrack zone templates or timeout policies, risking instability or DoS. The root cause is references that can outlive the...

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the OverlappingFieldsCanBeMerged validation rule. An attacker can exhaust server resources and cause service disruption by submitting specially crafted GraphQL queries containing numerous neste...

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the ResponseReader class. An attacker can exhaust the client's CPU by sending specially crafted IMAP responses containing many string literals, leading to significant performance degradation in...

RHCOS 9 : OpenShift Container Platform 4.17.5 (RHSA-2024:9613)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9613 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

RHCOS 9 : OpenShift Container Platform 4.14.41 (RHSA-2024:9623)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9623 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: remove the cpuhp instance node before removing the cpuhp state The functions cpuhpstateaddinstance and cpuhpstateremoveinstance should be used in pairs. Otherwise, a warning will be issued during the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix for a race condition in devmap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpdevbulkqueue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes that bqenqueue and...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Fixed the call trace observed during I/O with CMF enabled. The following issue was observed with CMF enabled: BUG: Using smpprocessorid in a preemptible context. Code: systemd-udevd/31711 Kernel: Caller is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: rcutorture: Fixed the issue where ksoftirqd’s timing and iteration were increased. The RCU priority boosting can fail in two situations: 1 If nrcpus maxcpus, meaning that the total number of CPUs is greater than the number of...

Astra Linux – Vulnerability in python-tornado

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: cpu: Re-enable CPU mitigations by default for !X86 architectures. Rename the configuration for x86 to CPUMITIGATIONS, define it in the generic code, and apply it to all architectures except x86. A recent commit that turned...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: fqpie: Avoid stalls in fqpietimer When setting a high number of flows limit being 65536, fqpietimer currently uses too much time, as reported by syzbot. Add logic to yield the CPU every 2048 flows less than 150...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/iucv: Fixed the size of interrupt data iucvirqdata needs to be 4 bytes larger. These bytes are not used by the iucv module, but are written by the z/VM hypervisor in case a CPU is deconfigured. Reported as: BUG...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flushcpuslab/freeslab invocations in task context. Commit 5a836bf6b09f "mm: slub: move flushcpuslab invocations freeslab invocations out of IRQ context" moved all flushcpuslab invocations to the global workqueue to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: zstd – fix double-free in per-CPU stream cleanup The crypto/zstd module contains a double-free bug that occurs when multiple tfms are allocated and freed. The issue arises because the zstdstreams per-CPU contexts are free...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fixed an issue where the non-existent percpu rtpcp variable was accessed in rcutasksneedgpcb. For kernels built with CONFIGFORCENRCPUS=y, nrcpuids is defined as NRCPUS instead of the number of possible CPUs. This can...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Do not balance tasks to their current running CPUs. We encountered a situation where the balancer attempts to balance a migrated task with disabled status, triggering a warning in settaskcpu. The detailed error messag...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cgroup, freezer: Hold cpuhotpluglock before freezermutex. syzbot reports a circular locking dependency between cpuhotpluglock and freezermutex. To address this issue, commit f5d39b020809 “freezer,sched: Rewrite core freezer...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate-ut: Fixed a kernel panic that occurred when loading the driver. After loading the amd-pstate-ut driver, the functions amdpstateutcheckperf and amdpstateutcheckfreq use cpufreqcpuget to obtain the CPU’s policy...