95 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Fix freeirq on remove By passing the correct devid to freeirq, this issue can be fixed when the driver is unbound. WARNING: CPU: 0, PID: 30, at kernel/irq/manage.c:1895 – freeirq Trying to free an already freed IRQ...
CVE-2026-45936
A flaw was found in the Linux kernel's goldfish power supply driver. A race condition during driver removal or initialization can lead to a use-after-free vulnerability. This allows an interrupt to access a freed or uninitialized power supply handle, which can cause the system to crash, resulting...
CVE-2026-45936
In the Linux kernel, the following vulnerability has been resolved: power: supply: goldfish: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...
CVE-2026-45936
The CVE-2026-45936 entry concerns a race in the Linux kernel power_supply_changed() handling for Goldfish power supplies. The issue arises when using devm_ allocations for IRQs before the power_supply handle is allocated/registered, creating a window where an interrupt fires after the power_suppl...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that IRQ requests in power/supply/goldfish are registered before powersupply is allocate...
CVE-2026-45936
power: supply: goldfish: Fix use-after-free in powersupplychanged...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: In tty: goldfish, use ttyportdestroy to destroy the port. In goldfishttyprobe, the port initialized through ttyportinit should be destroyed in error paths. In goldfishttyremove, qtty-port also should be destroyed; otherwise,...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991184)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991184 advisory. In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Use ttyportdestroy to destroy port In goldfishttyprobe, the port initialized throu...
EUVD-2025-117336
Malicious code in handicapped-crimson-goldfish npm...
EUVD-2025-117273
Malicious code in legal-plum-goldfish npm...
EUVD-2025-117108
Malicious code in scornful-lime-goldfish npm...
Malicious code in mighty_goldfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2adf5a80867c1110ec24c679f8b095e8b449186df7c8f8688122ce9d0cdff49 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-131861 Malicious code in absent_goldfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d022e4d5962c610622f7a6aa4443dd1ccfc7e1b972c2fb19cbf8eea5b0addb5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-102699
Malicious code in reducedgoldfishz3n npm...
EUVD-2025-98433
Malicious code in grumpygoldfishz3n npm...
EUVD-2025-100330
Malicious code in commercialgoldfishz3n npm...
Malicious code in commercial_goldfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e62be4bce3ee22ffe3dec82496b2503987eacef79b1ce9af4170732aea1005 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-126969 Malicious code in grumpy_goldfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1dd466a447c5ca9a6b61d5949701f4f1cb2cc5797c379e8a6f052884db73ab7c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-125575 Malicious code in compatible_goldfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b2b6d9b7008b15357dad44c51f9c5e096c3c2ef792155208ac5adadd6299657 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-89486
Malicious code in physicalgoldfishz3n npm...