436 matches found
CVE-2026-22976
In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...
CVE-2026-22976
CVE-2026-22976 affects the Linux kernel’s net/sched sch_qfq, where two qfq_class objects can reference the same leaf_qdisc. In certain teardown paths (e.g., when a qdisc is pending destruction via tc_new_tfilter and another qdisc is root-attached), a shared leaf_qdisc may have q.qlen > 0 while...
CLSA-2026-1768824748 kernel: Fix of 7 CVEs
fs/proc: fix uaf in procreaddirde CVE-2025-40271 - fs: fix UAF/GPF bug in nilfsmdtdestroy CVE-2022-2978 - Bluetooth: L2CAP: fix "bad unlock balance" in l2capdisconnectrsp CVE-2023-53297 - net: sched: sfb: fix null pointer access issue when sfbinit fails CVE-2022-50356 - ALSA: usb-audio: Fix size...
kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Fix a potential UAF in hfscdequeue too Similarly to the previous patch, we need to safe guard hfscdequeue too. But for this one, we don't have a reliable reproducer...
ROS-20260119-7309
A vulnerability in the net/sched/schsfq.c component of the Linux operating system kernel is related to unchecked array indexing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992580)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992580 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balanc...
kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails
A null pointer dereference exists in the linux kernel, such that when sfbinit fails qdisc is NULL, and it will cause gpf issue, leading to damage to the availability of the system...
kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails
A null pointer dereference exists in the linux kernel, such that when sfbinit fails qdisc is NULL, and it will cause gpf issue, leading to damage to the availability of the system...
kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails
A null pointer dereference exists in the linux kernel, such that when sfbinit fails qdisc is NULL, and it will cause gpf issue, leading to damage to the availability of the system...
kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling
In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfscchangeclass when...
RHEL 7 : kernel (RHSA-2025:21063)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21063 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: HID: core: fix...
EUVD-2025-92050
Malicious code in fairhummingbirdz3n npm...
kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
A flaw was found in the HFSC queueing discipline implementation in the Linux kernel. When a packet is enqueued and the child qdisc's peek function is called before properly updating the HFSC queue's length and backlog counters, a race condition can occur. In some cases, the peek operation may...
EUVD-2025-79264
Malicious code in fairwormz3n npm...
MAL-2025-102502 Malicious code in fair_worm_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31fe0176745583688bb263a9d98c6c481209217cedb83610d0b0fa97572bffd0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-81948
Malicious code in fairwoodpeckerreplicateautomation npm...
EUVD-2025-64138
Malicious code in faircranerequirement npm...
Malicious code in fair_crane_requirement (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16b9ac4c993b205e6d165d9a9114000c80c5ffc1aa19061153e0dbfaac415274 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-94416 Malicious code in fair_crane_requirement (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16b9ac4c993b205e6d165d9a9114000c80c5ffc1aa19061153e0dbfaac415274 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-94419 Malicious code in fair_tortoise_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 165d6a8900d44329e810d6fe2dcd6f4c68fc8d55e5e39b2d2b3d44c99f22ed1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...