102 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: The call to fini during the creation of an execution queue fails. Every call to queue initialization should include a corresponding fini call. Skipping this would mean failing to remove the queue from the GuC list...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: For bpf on x86 architecture: Fixed the issue of not releasing bpfprogpack after its use. Syzbot reported several issues with bpfprogpack 1, 2. This issue only occurs when multiple subprogs are involved. In jitsubprogs, we firs...
CVE-2026-5479
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...
EUVD-2026-21292
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...
CVE-2026-5479
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...
CVE-2026-5479
In wolfSSL, the ChaCha20-Poly1305 AEAD decryption path in the EVP layer (wolfSSL_EVP_CipherFinal and related finalization functions) fails to verify the authentication tag before returning plaintext. As a result, when using the EVP API to decrypt ChaCha20-Poly1305, the tag may be computed or acce...
wolfSSL(CyaSSL) 安全漏洞
WolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. WolfSSL CyaSSL contains a security vulnerability. This vulnerability stems from the ChaCha20-Poly1305 AEAD decryption path in...
SUSE CVE-2026-23350
In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: Call fini on exec queue creation fail Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list which is part of gucid allocation. A damaged...
EUVD-2026-15321
In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: Call fini on exec queue creation fail Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list which is part of gucid allocation. A damaged...
CVE-2026-23350
In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: Call fini on exec queue creation fail Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list which is part of gucid allocation. A damaged...
CVE-2026-23350
In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: Call fini on exec queue creation fail Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list which is part of gucid allocation. A damaged...
UBUNTU-CVE-2026-23350
In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: Call fini on exec queue creation fail Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list which is part of gucid allocation. A damaged...
CVE-2026-23350 drm/xe/queue: Call fini on exec queue creation fail
In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: Call fini on exec queue creation fail Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list which is part of gucid allocation. A damaged...
CVE-2026-23350 drm/xe/queue: Call fini on exec queue creation fail
In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: Call fini on exec queue creation fail Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list which is part of gucid allocation. A damaged...
CVE-2026-23350
CVE-2026-23350 is a Linux kernel vulnerability in the drm/xe/queue path. The issue arises when an exec queue creation fails and is not properly finalized, leaving a damaged queue in exec_queue_lookup which can cause an invalid memory reference. The fix adds a finalization call (fini) for each que...
CVE-2026-23164 rocker: fix memory leak in rocker_world_port_post_fini()
In the Linux kernel, the following vulnerability has been resolved: rocker: fix memory leak in rockerworldportpostfini In rockerworldportpreinit, rockerport-wpriv is allocated with kzallocwops-portprivsize, GFPKERNEL. However, in rockerworldportpostfini, the memory is only freed when...
CVE-2025-67124
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...
miniserve affected by a TOCTOU and symlink race vulnerability
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...
CVE-2025-67124
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...
CVE-2025-67124
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...