95 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
A race condition was identified in the vtkioctl function within drivers/tty/vt/vtioctl.c in the Linux kernel. This may lead to an out-of-bounds read, as the write access to vcmode is not protected by a lock in vtioctl KDSETMDE. The primary threat of this vulnerability is data confidentiality...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Bonding: A buffer overflow issue was fixed in the bondoptionarpiptargetsset function. In this function, if newval-string is an empty string, newval-string+1 will point to the byte after the string, leading to a buffer overflow an...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: jffs2: Prevent the xattr node from overflowing the eraseblock. A check has been added to ensure that the requested xattr node size is not larger than the eraseblock minus the cleanmarker. Unlike traditional inode nodes, xattr...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003953)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003953 advisory. An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: avoiding soft lockup when using mprotect on a large memory area When calling mprotect on a large hugetlb memory area in our customer’s workload 300GB of hugetlb memory, soft lockup was observed: watchdog: BUG: soft...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: lan743x: fixed a potential out-of-bounds write in lan743xptpioeventclockget. Before calling lan743xptpioeventclockget, the ‘channel’ value is checked against the maximum value of PCI11X1XPTPIOMAXCHANNELS8. This seems correct...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: nvdec: Fix the dmaalloccoherent error check A check has been added to prevent a NULL return value from occurring when using dmaalloccoherent. This change follows Robin’s fix for the vic.c file in drm/tegra: vic: Fix DM...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: drm/vrr: Set VRR capable prop only if it is attached to connector VRR capable property is not attached by default to the connector It is attached only if VRR is supported. So if the driver tries to call drm core set prop function...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection, as a cycle in the process could lead to a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also iterates through the maps via t...
SUSE CVE-2020-28588
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it's likely that all...
Debian dla-3349 : linux-config-5.10 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3349 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3349-1 [email protected]...
CVE-2022-47946
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in iosqpollwaitsq in fs/iouring.c allows an attacker to crash the kernel, resulting in denial of service. finishwait can be skipped. An attack can occur in some situations by forking a process and then quickly...
CVE-2022-47946
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in iosqpollwaitsq in fs/iouring.c allows an attacker to crash the kernel, resulting in denial of service. finishwait can be skipped. An attack can occur in some situations by forking a process and then quickly...
AZL-6595 CVE-2021-40490 affecting package kernel for versions less than 5.10.78.1-1
A race condition was discovered in ext4writeinlinedataend in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13...
UBUNTU-CVE-2020-28588
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that all...