Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfdapi to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates we should return an...

UBUNTU-CVE-2022-50812

In the Linux kernel, the following vulnerability has been resolved: security: Restrict CONFIGZEROCALLUSEDREGS to gcc or clang 15.0.6 A bad bug in clang's implementation of -fzero-call-used-regs can result in NULL pointer dereferences see the links above the check for more information. Restrict...

PT-2025-20532 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A issue in the Linux kernel has been identified where the sched yield syscall may not cause scheduling in time-travel mode, potentially leading to extreme slowdown or deadlock. This is...

Configure TIME_WAIT for TCP

TIMEWAIT indicates the time for TCP to wait for connection destruction. If this parameter is set to a large value, a large number of TCP connections are not closed and DoS attacks occur. You are advised to set this parameter to a value less than or equal to 60. SPDX-FileCopyrightText: 2025...

Disable SysRq

SysRq enables users with physical access to access dangerous system-level commands in a computer. Therefore, it is advised to restrict the usage of the SysRq function. If SysRq is not disabled, you can use the keyboard to trigger SysRq. As a result, commands may be directly sent to the kernel,...

SUSE CVE-2024-41027

In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfdapi to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates we should return an...

Linux DRM drm_file_update_pid() Race Condition / Use-After-Free

Linux: DRM: refcount incremented too late in drmfileupdatepid I am sending this to security@ and to the drm-misc maintainers - based on https://drm.pages.freedesktop.org/maintainer-tools/committer-drm-misc.htmlmerge-criteria I think this falls into drm-misc's area of responsibility? === summary =...

SUSE CVE-2021-47393

In the Linux kernel, the following vulnerability has been resolved: hwmon: mlxreg-fan Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sysfs. For example, setting current fan speed to 20 is used to enforce fan speed to be at 100% speed, 19...

CVE-2023-52855

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In dwc2hcdurbenqueue, "urb-hcpriv = NULL" is executed without holding the lock "hsotg-lock". In dwc2hcdurbdequeue: spinlockirqsave&hsotg-lock, flags;...

UBUNTU-CVE-2021-47430

In the Linux kernel, the following vulnerability has been resolved: x86/entry: Clear X86FEATURESMAP when CONFIGX86SMAP=n Commit 3c73b81a9164 "x86/entry, selftests: Further improve user entry sanity checks" added a warning if AC is set when in the kernel. Commit 662a0221893a3d "x86/entry: Fix AC...

CVE-2021-47209 sched/fair: Prevent dead task groups from regaining cfs_rq's

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfsrq's Kevin is reporting crashes which point to a use-after-free of a cfsrq in updateblockedaverages. Initial debugging revealed that we've live cfsrq's onlist=1 in an about t...

SUSE CVE-2023-52562

In the Linux kernel, the following vulnerability has been resolved: mm/slabcommon: fix slabcaches list corruption after kmemcachedestroy After the commit in Fixes:, if a module that created a slab cache does not release all of its allocated objects before destroying the cache at rmmod time, we...

kernel: srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL

A synchronization flaw was found in the Linux kernel Sleepable Read-Copy-Update SRCU implementation. The subsystem assumed that central processing unit CPU 0 was always online. On systems where CPU 0 is offline, such as crash-kernel configurations using a different boot CPU, SRCU work could be...

CVE-2023-43783

Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configuration...

CVE-2023-28842

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

Design/Logic Flaw

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

GHSA-6WRF-MXFJ-PF5P Docker Swarm encrypted overlay network with a single endpoint is unauthenticated

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

CVE-2023-28842 moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

GSD-2022-1004240 powerpc/prom_init: Fix kernel config grep

powerpc/prominit: Fix kernel config grep This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.10 by commit...

kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c

A flaw was discovered in processing setsockopt IPTSOSETREPLACE or IP6TSOSETREPLACE for 32 bit processes on 64 bit systems. This flaw will allow local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leverage...