1626 matches found
CVE-2026-52912
The CVE-2026-52912 affects the Linux kernel netfilter nf_queue handling of bridge LOCAL_IN traffic. br_pass_frame_up() rewrites skb->dev from the ingress port to the bridge master before queueing, allowing a queued bridge packet to retain a freed bridge master in skb->dev. On reinjection, b...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: The vulnerability relates to hardening the uplink netdev access in case the device is unbound. The function mlx5uplinknetdevget retrieves the uplink netdevice pointer from mdev-mlx5eres.uplinknetdev. However, the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: In the net: rose module, the function rosekillbydevice collects sockets into a local array, and then iterates over those arrays to disconnect sockets bound to devices that are being shut down. The loop mistakenly indexes arraycnt...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: fixed a race condition in mptcpschedulework syzbot reported a use-after-free in mptcpschedulework 1 The issue arises from mptcpschedulework scheduling a task, then checking the refcount of sk-skrefcnt if the task was...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: tls: Purged asynchold from tlsdecryptasyncwait The asynchold queue holds encrypted input data while the AEAD engine references their scatterlist data. Once tlsdecryptwait returns, all AEAD operations are completed, and the engine...
Linux Distros Unpatched Vulnerability : CVE-2026-45884
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - apparmor: avoid per-cpu hold underflow in aagetbuffer When aagetbuffer pulls from the per-cpu list it unconditionally decrements cache-hold. If hold reaches 0...
kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...
kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...
kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...
CVE-2026-6957
Mattermost Plugin versions ≤ 1.1.5 are affected by a path traversal vulnerability in the export path construction from unsanitized filenames received from federated peers. An attacker — specifically an administrator of a remote federated Mattermost server — can cause files to be written to arbitr...
CVE-2026-6957 Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.
Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...
CVE-2026-6957 Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.
Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...
UBUNTU-CVE-2026-45884
In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid per-cpu hold underflow in aagetbuffer When aagetbuffer pulls from the per-cpu list it unconditionally decrements cache-hold. If hold reaches 0 while count is still non-zero, the unsigned decrement wraps to UINTMAX...
CVE-2026-45884
Summary of CVE-2026-45884 (Linux kernel, AppArmor): The issue is an integer underflow in aa_get_buffer() when dequeuing from the per-CPU list. If cache->hold drops to zero while count is non-zero, the unsigned decrement can wrap to UINT_MAX, keeping hold non-zero and causing aa_put_buffer() to...
PT-2026-43751
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the AppArmor module where the aa get buffer function unconditionally decrements the cache-hold variable when pulling from the per-cpu list. If hold reaches 0 while cou...
kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...
This Is a Hold-Up: Financial Services Under Attack
...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: macsec: Fixed the UAF bug related to realdev. A new macsec device was created, but there was no reference to realdev. This does not ensure that realdev is freed after the macsec device is removed. This will trigger the UAF bug...
CVE-2026-43455
In the Linux kernel, the following vulnerability has been resolved: mctp: route: hold key-lock in mctpflowprepareoutput mctpflowprepareoutput checks key-dev and may call mctpdevsetkey, but it does not hold key-lock while doing so. mctpdevsetkey and mctpdevreleasekey are annotated with...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the repeated invocation of xfrmpolholdrcu in the xfrmmigratepolicyfind function, leading to an...