Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfs: fix reference leak The commit 20d72b00ca81 “netfs: Fix the request’s work item to not require a ref” modifies netfsallocrequest to initialize the reference counter to 2 instead of 1. The rationale is that the request’s...

Astra Linux - уязвимость в linux

In the Linux kernel, from drivers/block/nbd.c up to version 5.10.12, there is a use-after-free in the nbdaddsocket function. This issue could be triggered by local attackers who have access to the nbd device. The attack occurs during I/O requests at a certain point in device setup, specifically...

PT-2026-2937

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.20.1 Description FreeRDP is a free implementation of the Remote Desktop Protocol. A heap use-after-free condition exists in the irp thread func function because the IRP is freed by irp-Complete and subsequently...

EUVD-2025-123034

Malicious code in pyxis-quark-io-request npm...

Linux Distros Unpatched Vulnerability : CVE-2025-40007

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfs: fix reference leak Commit 20d72b00ca81 netfs: Fix the request's work item to not require a ref modified netfsallocrequest to initialize the reference...

CVE-2025-40007

In the Linux kernel, the following vulnerability has been resolved: netfs: fix reference leak Commit 20d72b00ca81 "netfs: Fix the request's work item to not require a ref" modified netfsallocrequest to initialize the reference counter to 2 instead of 1. The rationale was that the requet's "work"...

CVE-2025-40007 netfs: fix reference leak

In the Linux kernel, the following vulnerability has been resolved: netfs: fix reference leak Commit 20d72b00ca81 "netfs: Fix the request's work item to not require a ref" modified netfsallocrequest to initialize the reference counter to 2 instead of 1. The rationale was that the requet's "work"...

CVE-2023-53609

In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: core: Do not increase scsidevice's iorequestcnt if dispatch failed" The "atomicinc&cmd-device-iorequestcnt" in scsiqueuerq would cause kernel panic because cmd-device may be freed after returning from...

SUSE CVE-2025-23154

In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix ioreqpostcqe abuse by send bundle 114.987980 T5313 WARNING: CPU: 6 PID: 5313 at iouring/iouring.c:872 ioreqpostcqe+0x12e/0x4f0 114.991597 T5313 RIP: 0010:ioreqpostcqe+0x12e/0x4f0 115.001880 T5313 Call Trace:...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ioreqpostcqe being abused by the send bundle, which could lead to error logging...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure of the cifs module to properly handle memory pools when destroying cifsiorequestpool, which coul...

kernel: ovl: fix use after free in struct ovl_aio_req

A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 "ovl: fix use...

SUSE CVE-2012-0058

The kiocbbatchfree function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service OOPS via vectors that trigger incorrect iocb management...

SUSE CVE-2016-7423

The mptsasprocessscsiiorequest function in QEMU aka Quick Emulator, when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service out-of-bounds write and QEMU process crash via vectors involving MPTSASRequest objects...

SUSE CVE-2018-19963

An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service host OS crash or possibly gain host OS privileges because x86 IOREQ server resource accounting for external emulators was mishandled...

SUSE CVE-2020-11089

In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions parallelprocessirpcreate, serialprocessirpcreate, driveprocessirpwrite, printerprocessirpwrite, rdpeirecvpdu, serialprocessirpwrite. This has been fixed in 2.1.0...

CVE-2022-43588

A null pointer dereference vulnerability exists in the handleioctl83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially crafted I/O request packet IRP can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability...

Amazon WorkSpaces integer overflow vulnerability

Amazon Workspaces is a fully managed persistent desktop virtualization service from Amazon that lets your users access the data, applications, and resources they need from any supported device, anytime, anywhere. Amazon Workspaces is vulnerable to an integer overflow vulnerability that could be...

Donglify Buffer Overflow Vulnerability

Donglify is an application for sharing Usb security keys over the Internet by Electronic Team USA. Donglify suffers from a buffer overflow vulnerability that can be exploited by a local attacker to cause a denial of service memory corruption and OS crash by executing arbitrary code in kernel mode...

CVE-2021-43006

AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal DVM Tools = v3.3.148.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request...