70 matches found
CVE-2026-53332 slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd
In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd When the remoteproc starts in parallel with the NGD driver being probed, or the remoteproc is already up when the PDR lookup is being registered, or in the...
CVE-2026-56320 Capgo - Org/App Scope Mismatch in Device Creation Endpoint
Capgo before 12.128.2 contains an authorization flaw in POST /private/createdevice that accepts a caller-supplied orgid parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...
CVE-2026-56320
Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts a caller-supplied org_id without validating it matches the target app’s owner organization. Authenticated attackers can create device records for an application using a foreign organization identifier...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tpm: tpmvtpmproxy: fixed a race condition in the creation of /dev/vtpmx. The /dev/vtpmx becomes visible before ‘workqueue’ is initialized, which can lead to memory corruption in the worst-case scenario. This issue is addressed by...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fixed a memory leak when thresholdcreatebank fails. In mcethresholdcreatedevice, if thresholdcreatebank fails, the previously allocated thresholdbanks array @bp will be leaked, because the call to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fixed a memory leak in kvmeiointcdestroy. In kvmioctlcreatedevice, kvmdevice allocates memory. kvmdevice-destroy seems to be supposed to free up the kvmdevice structure, but kvmeiointcDestroy does not do this...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: hwmon: w83792d A NULL pointer dereferencing issue was addressed by removing unnecessary structure fields. If the driver reads a value that is sufficient for the condition: val & 0x08 && !val & 0x80 && val & 0x7 == val 4 & 0x7...
CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer netns rtnlnewlink lacks a CAPNETADMIN capability check on the peer network namespace when creating paired devices veth, vxcan, netkit. This allows an unprivileged user with a...
CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer netns rtnlnewlink lacks a CAPNETADMIN capability check on the peer network namespace when creating paired devices veth, vxcan, netkit. This allows an unprivileged user with a...
CVE-2026-23028
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmipidestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmipidestroy is not currently doing this, that...
CVE-2026-23029
The CVE-2026-23029 entry describes a memory-leak in the LoongArch KVM path of the Linux kernel. In kvm_ioctl_create_device(), kvm_device is allocated, but the kvm_device->destroy() path (kvm_eiointc_destroy()) does not free the allocated kvm_device struct, leading to a leak. Multiple sources (...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002705)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002705 advisory. The dmgetfromkobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service BUG by leveraging a race condition...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002086)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002086 advisory. Use-after-free vulnerability in the kvmioctlcreatedevice function in virt/kvm/kvmmain.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of...
EUVD-2020-23226
Malware in sbrugna...
EUVD-2022-55329
Malicious code in bioql PyPI...
EUVD-2025-27931
Malicious code in bioql PyPI...
EUVD-2023-33245
Malicious code in bioql PyPI...
CVE-2023-53307
In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in dorbdadd when rbddevcreate fails If getting an ID or setting up a work queue in rbddevcreate fails, use-after-free on rbddev-rbdclient, rbddev-spec and rbddev-opts is triggered in dorbdadd. The root...
DEBIAN-CVE-2023-53307
In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in dorbdadd when rbddevcreate fails If getting an ID or setting up a work queue in rbddevcreate fails, use-after-free on rbddev-rbdclient, rbddev-spec and rbddev-opts is triggered in dorbdadd. The root...
CVE-2023-53307 rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in dorbdadd when rbddevcreate fails If getting an ID or setting up a work queue in rbddevcreate fails, use-after-free on rbddev-rbdclient, rbddev-spec and rbddev-opts is triggered in dorbdadd. The root...