Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerabilities have been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hexadecimal numbers or similar elements. However,...

Astra Linux - уязвимость в edk2

EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage function. An attacker may cause memory corruption due to an overflow through an adjacent network. Successful exploitation of this vulnerability could result in a loss of confidentiality, integrity, and/or availability...

MilanLaunchy Firmware Loader

References CVE-2021-26315: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1021.html CVE-2024-21944: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html CVE-2024-21981: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html &...

CLSA-2026-1778276927 kernel: Fix of 33 CVEs

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present - xfrm: esp: avoid in-place decrypt on shared skb frags - ext4: avoid OOB when system.data xattr changes underneath the filesystem CVE-2024-47701 - gpiolib: cdev: fix uninitialised kfifo CVE-2024-36898 - wifi: mt76: Fix...

Astra Linux - уязвимость в linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usbendpoints are present The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. In this case there was an interrupt endpoint where the driver expected a bu...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: A use-after-free occurred during the unregister operation. In the following code within firmwareUploadUnregister, the call to deviceUnregister could cause the devrelease function to free the fwUploadPriv structure...

CVE-2026-37540

OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elfloader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems STM32MP1, Zynq, i.MX, large values can...

EUVD-2022-55233

Malicious code in bioql PyPI...

EUVD-2022-55231

Malicious code in bioql PyPI...

EUVD-2024-51874

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-49951

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix use-after-free during unregister In the following code within...

Linux Distros Unpatched Vulnerability : CVE-2022-49949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix memory leak in firmware upload In the case of firmware-upload, an instan...

SUSE CVE-2022-49951

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix use-after-free during unregister In the following code within firmwareuploadunregister, the call to deviceunregister could result in the devrelease function freeing the fwuploadpriv structure before it is...

CVE-2022-49951

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix use-after-free during unregister In the following code within firmwareuploadunregister, the call to deviceunregister could result in the devrelease function freeing the fwuploadpriv structure before it is...

DEBIAN-CVE-2022-49951

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix use-after-free during unregister In the following code within firmwareuploadunregister, the call to deviceunregister could result in the devrelease function freeing the fwuploadpriv structure before it is...

DEBIAN-CVE-2022-49949

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix memory leak in firmware upload In the case of firmware-upload, an instance of struct fwupload is allocated in firmwareuploadregister. This data needs to be freed in fwdevrelease. Create a new fwuploadfree...

UBUNTU-CVE-2022-49949

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix memory leak in firmware upload In the case of firmware-upload, an instance of struct fwupload is allocated in firmwareuploadregister. This data needs to be freed in fwdevrelease. Create a new fwuploadfree...

CVE-2022-49951

CVE-2022-49951 concerns the Linux kernel firmware_loader use-after-free during unregister. In firmware_upload_unregister(), device_unregister() could free fw_upload_priv via dev_release before module_put() dereferences it. The documented fix copies fw_upload_priv->module to a local variable an...

CVE-2022-49951 firmware_loader: Fix use-after-free during unregister

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix use-after-free during unregister In the following code within firmwareuploadunregister, the call to deviceunregister could result in the devrelease function freeing the fwuploadpriv structure before it is...

CVE-2022-49951

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix use-after-free during unregister In the following code within firmwareuploadunregister, the call to deviceunregister could result in the devrelease function freeing the fwuploadpriv structure before it is...