216 matches found
EUVD-2026-38815
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtrportremove In qrtrportremove, the socket reference count is decremented via sockput before the port is removed from the qrtrports XArray and before the RCU grace period...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: The issue of out-of-bounds access during the spinorseterasetype function has been fixed. The spinorseterasetype function was used either to set or to mask an erase type. When it was used to mask an erase type, an...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: block: fixed an integer overflow in BLKSECDISCARD I independently rediscovered this issue. The related commits are: commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fixed the overflow in blkioctldiscard However, the same...
SUSE CVE-2026-46316
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach and drops the cache's reference on each entry with vgicputirq. It puts...
CVE-2026-46316
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach and drops the cache's reference on each entry with vgicputirq. It puts...
Astra Linux - уязвимость в vim
A heap-based buffer overflow vulnerability exists in the cmdlineerasechars function in the GitHub repository of vim/vim, prior to version 8.2.4899. These vulnerabilities can cause software to crash, modify memory, and may lead to remote execution...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013564)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013564 advisory. In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spinorseterasetype spinorseterasetype was used either to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011155)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011155 advisory. In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spinorseterasetype spinorseterasetype was used either to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011073)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011073 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: Fix UAF wear-leveling entry in eraseblkcountseqshow Wear-leveling entry could be freed in...
SUSE CVE-2026-23434
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device lock. On controllers that implement SETFEATURES via multiple low-lev...
CVE-2026-23434
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device lock. On controllers that implement SETFEATURES via multiple low-lev...
CVE-2026-23434
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device lock. On controllers that implement SETFEATURES via multiple low-lev...
CVE-2026-23434
CVE-2026-23434 affects the Linux kernel MTD NAND driver (mtd: rawnand) where nand_lock()/nand_unlock() call into chip->ops.lock_area/unlock_area without holding the NAND device lock. The fix introduces serialisation by wrapping those lock/unlock calls with nand_get_device()/nand_release_device...
PT-2026-30129
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a flaw where nand lock and nand unlock functions did not hold the NAND device lock when calling chip-ops.lock area/unlock area. This could lead to race...
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
EUVD-2025-208272
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
PT-2026-22927
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
CVE-2025-70342
CVE-2025-70342: erase-install prior to v40.4 (commit 2c31239) writes swiftDialog credential output to a hardcoded path (/var/tmp/dialog.json), enabling an unauthenticated attacker to intercept admin credentials during reinstall/erase operations by creating a named pipe. This document provides the...