95 matches found
CVE-2026-45936
A flaw was found in the Linux kernel's goldfish power supply driver. A race condition during driver removal or initialization can lead to a use-after-free vulnerability. This allows an interrupt to access a freed or uninitialized power supply handle, which can cause the system to crash, resulting...
CVE-2026-45936
CVE-2026-45936 affects the Linux kernel power subsystem for Goldfish (power_supply) and describes a use-after-free race between IRQ handling and power_supply lifecycle when using devm_ for IRQ and power_supply handle management. The issue occurs because the IRQ is requested before the power_suppl...
CVE-2026-45936
In the Linux kernel, the following vulnerability has been resolved: power: supply: goldfish: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...
CVE-2026-45936
power: supply: goldfish: Fix use-after-free in powersupplychanged...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that IRQ requests in power/supply/goldfish are registered before powersupply is allocate...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Fix freeirq on remove Pass the correct devid to freeirq to avoid this error when the driver is unbound. WARNING: CPU: 0, PID: 30, at kernel/irq/manage.c:1895 – freeirq Trying to free an already freed IRQ 65. Call...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: In tty: goldfish, use ttyportdestroy to destroy the port. In goldfishttyprobe, the port initialized through ttyportinit should be destroyed in error paths. In goldfishttyremove, qtty-port also should be destroyed to prevent...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991184)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991184 advisory. In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Use ttyportdestroy to destroy port In goldfishttyprobe, the port initialized throu...
EUVD-2025-117336
Malicious code in handicapped-crimson-goldfish npm...
EUVD-2025-117108
Malicious code in scornful-lime-goldfish npm...
EUVD-2025-117273
Malicious code in legal-plum-goldfish npm...
Malicious code in mighty_goldfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2adf5a80867c1110ec24c679f8b095e8b449186df7c8f8688122ce9d0cdff49 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-131861 Malicious code in absent_goldfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d022e4d5962c610622f7a6aa4443dd1ccfc7e1b972c2fb19cbf8eea5b0addb5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-102699
Malicious code in reducedgoldfishz3n npm...
Malicious code in commercial_goldfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e62be4bce3ee22ffe3dec82496b2503987eacef79b1ce9af4170732aea1005 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-126969 Malicious code in grumpy_goldfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1dd466a447c5ca9a6b61d5949701f4f1cb2cc5797c379e8a6f052884db73ab7c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-125575 Malicious code in compatible_goldfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b2b6d9b7008b15357dad44c51f9c5e096c3c2ef792155208ac5adadd6299657 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-100330
Malicious code in commercialgoldfishz3n npm...
EUVD-2025-98433
Malicious code in grumpygoldfishz3n npm...
EUVD-2025-89486
Malicious code in physicalgoldfishz3n npm...