637 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: “Revert ‘tty: ngsm: fix UAF in gsmcleanupmux’” This reversion involves commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. The above commit was reverted because it did not solve the original issue. The function gsmcleanupmux attempt...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: fix possible out-of-bounds access in gsm0receive The assumptions are as follows: - Side A configures ngsm in Basic Option Mode. - Side B sends a frame with a Basic Option Mode header, where the data length is 1. - Side...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: tty: ngsm: Fixed a use-after-free in gsmcleanupmux. Bug: KASAN: Slab-use-after-free in gsmcleanupmux+0x77b/0x7b0. drivers/tty/ngsm.c:3160 ngsm Read of size 8 at addr ffff88815fe99c00 by task poc/3379. CPU: 0; UID: 0; PID: 3379...
Systematic Cybersecurity Risk Analysis of European Rail Traffic Management System
European Rail Traffic Management System ERTMS is a widely adopted standard unifying train management in the EU. While the standard allows for use cases like fully autonomous driving, cybersecurity has been an afterthought. Risk analysis enables the systematic assessment and prioritization of...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: added a sanity check for gsm-receive in gsmreceivebuf A null pointer dereference can occur when attempting to access the “gsm-receive” function in gsmldreceivebuf. Currently, the code assumes that gsm-recieve is only...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
A race condition was detected in the GSM 0710 tty multiplexor within the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled. It can lead to a use-after-free issue with the struct gsmdlci during the...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: requires CAPNETADMIN to attach NGSM0710 ldisc Any unprivileged user can attach to NGSM0710 ldisc, but it still requires CAPNETADMIN to create a GSM network. Additionally, requiring CAPNETADMIN for the initial namespace...
CVE-2026-8266
A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsmbuildpdusessionestablishmentaccept of the file /src/smf/gsm-build.c of the component SMF. The manipulation results in denial of service. The attack can be launched remotely. The exploit is now public and may be used...
EUVD-2026-29050
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsmhandlepdusessionmodificationqosflowdescriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched...
CVE-2026-8288
Open5GS SMF vulnerability CVE-2026-8288 affects the gsm_handle_pdu_session_modification_qos_flow_descriptions function in gsm-handler.c. Input manipulation of n1SmMsg can trigger a denial of service, with remote exploitation and a publicly disclosed exploit. A fix is proposed in a pull request aw...
CVE-2026-8288
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsmhandlepdusessionmodificationqosflowdescriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched...
CVE-2026-8288 Open5GS SMF gsm-handler.c denial of service
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsmhandlepdusessionmodificationqosflowdescriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched...
EUVD-2026-29023
A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsmbuildpdusessionestablishmentaccept of the file /src/smf/gsm-build.c of the component SMF. The manipulation results in denial of service. The attack can be launched remotely. The exploit is now public and may be used...
SUSE CVE-2026-6870
GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
Wireshark 2.4.x < 2.4.7 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.4.7. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.4.7 advisory. - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was...
Wireshark 4.4.x < 4.4.15 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 4.4.15. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.4.15 advisory. - RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of servic...
Wireshark 4.4.x < 4.4.15 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.4.15. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.4.15 advisory. - RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial ...
Wireshark 2.2.x < 2.2.15 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 2.2.15. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.15 advisory. - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in...
CVE-2026-6870
GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
CVE-2026-6870
GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...