376 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed a segmentation fault in rxecompqueuepkt. In rxecompqueuepkt, an incoming response packet is enqueued into the resppkts queue. Then, it is decided whether to run the completer task inline or schedule it. Finally, t...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: netem: fixed the return value if duplicate enqueue fails. There is a bug in netemenqueue, introduced by the commit 5845f706388a “net: netem: fix skb length BUGON in skbtosgvec”, which can lead to a use-after-free. This commit...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: netlink: afnetlink: Added a check on the len parameter to prevent empty skb objects. This prevents a division error in the netemenqueue function, which occurs when skb-len=0 and skb-datalen=0 during the randomized corruption...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
The atmtcenqueue function in the net/sched/schatm.c file of the Linux kernel, as of version 6.1.4, allows attackers to cause a denial of service due to type confusion. In some cases, non-negative numbers can indicate a TCACTSHOT condition instead of valid classification results...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciuart: A missing NULL check was added in h5enqueue. The Syzbot encountered a general protection fault in pmruntimeresume. The issue was due to a missing NULL check. hu-serdev can be NULL, and we should not blindly...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: schedext: Fixed stale direct dispatch state in ddspdsqid. @p-scx.ddspdsqid can be left set non-SCXDSQINVALID, causing a spurious warning in markdirectdispatch when the next wakeup’s ops.selectcpu calls scxbpfdsqinsert. For exampl...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when bufferlimit is set to bufferlimit. The following setup can trigger a warning in htbactivate due to the condition: !cl-leaf.q-q.qlen. Example command: bash tc qdisc del dev lo root...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: pfifotailenqueue: Drop a new packet when sch-limit == 0. Expected behavior: If the scheduler’s limit is reached, pfifotailenqueue will drop a packet from the scheduler’s queue and decrease the scheduler’s qlen by one. Then,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: be2net: fixed a potential memory leak in bexmit. bexmit returns NETDEVTXOK without freeing the skb variable, in case bexmitenqueue fails. To address this issue, add devkfreeskbany to properly handle the situation...
CVE-2026-7526
The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueueblockassets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...
kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...
kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...
kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...
kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2026-7526 PDF Embedder <= 4.9.3 - Authenticated (Contributor+) Information Exposure via Block Editor Page
The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueueblockassets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...
EUVD-2026-32743
The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueueblockassets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...
CVE-2026-7526 PDF Embedder <= 4.9.3 - Authenticated (Contributor+) Information Exposure via Block Editor Page
The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueueblockassets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...
CVE-2026-46041
In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: fix sleep in atomic context in hdlctxframes hdlcappend calls usleeprange to wait for circular buffer space, but it is called with txproducerlock a spinlock held via hdlctxframes -...
kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...