Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftct: Skip evaluation of expectations for confirmed conntrack entries. The nftctexpectobjeval function calls nfctextadd for a confirmed conntrack entry. However, nfctextadd can only be called when !nfctisconfirmed ...

CVE-2025-66023 NanoMQ has Use-After-Free of malformed bridging message

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free UAF vulnerability within the MQTT bridge client component implemented via the underlying NanoNNG library. The vulnerability is triggered when NanoMQ acts as a bridge connecting ...

SUSE CVE-2023-54195

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix timeout of a call that hasn't yet been granted a channel afsmakecall calls rxrpckernelbegincall to begin a call which may get stalled in the background waiting for a connection to become available; it then calls...

CVE-2023-54195

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix timeout of a call that hasn't yet been granted a channel afsmakecall calls rxrpckernelbegincall to begin a call which may get stalled in the background waiting for a connection to become available; it then calls...

CVE-2023-54195

CVE-2023-54195 affects the Linux kernel’s rxrpc stack. A call that hasn’t been granted a channel could timeout prematurely because rxrpc_kernel_set_max_life() started the call timer before a connection was assigned, risking a NULL pointer dereference. The published fixes note to record timeouts i...

CVE-2023-54195 rxrpc: Fix timeout of a call that hasn't yet been granted a channel

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix timeout of a call that hasn't yet been granted a channel afsmakecall calls rxrpckernelbegincall to begin a call which may get stalled in the background waiting for a connection to become available; it then calls...

PT-2025-54024

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-rc7-build3+ 701 Description A flaw exists in the Linux kernel's rxrpc subsystem related to call timeouts. Specifically, the issue occurs when a call is stalled while waiting for a connection, potentially...

DEBIAN-CVE-2021-47129

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: skip expectations for confirmed conntrack nftctexpectobjeval calls nfctextadd for a confirmed conntrack entry. However, nfctextadd can only be called for !nfctisconfirmed. 1825.349056 WARNING: CPU: 0 PID: 1279 a...

UBUNTU-CVE-2021-47129

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: skip expectations for confirmed conntrack nftctexpectobjeval calls nfctextadd for a confirmed conntrack entry. However, nfctextadd can only be called for !nfctisconfirmed. 1825.349056 WARNING: CPU: 0 PID: 1279 a...

SUSE CVE-2016-10728

An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the toclient direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

PT-2021-8259 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the nft ct expect obj eval function in the Linux kernel's netfilter component. It is caused by the function calling nf ct ext add for a confirmed...