Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/smc: Use smclgrlist.lock to protect the iteration of smclgrlist.list when performing smcportadd. When performing smcportadd, there may be operations that modify smclgrlist.list simultaneously, which could lead to a kernel...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011375)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011375 advisory. In the Linux kernel, the following vulnerability has been resolved: net: hns3: add vlan list lock to protect vlan list When adding port base VLAN, vf VLAN need to...

CVE-2026-23126 netdevsim: fix a race issue related to the operation on bpf_bound_progs list

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpfboundprogs list The netdevsim driver lacks a protection mechanism for operations on the bpfboundprogs list. When the nsimbpfcreateprog performs listaddtail, it is possibl...

EUVD-2026-5910

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpfboundprogs list The netdevsim driver lacks a protection mechanism for operations on the bpfboundprogs list. When the nsimbpfcreateprog performs listaddtail, it is possibl...

CVE-2025-68800

The CVE-2025-68800 issue affects the Linux kernel mlxsw spectrum_mr component. It arises from a use-after-free in multicast route stats updates when the driver traverses the multicast route list. A dedicated mutex was added (replacing the previous RTNL-based protection) to guard the list during u...

CVE-2023-54318

CVE-2023-54318 affects the Linux kernel in the net/smc code path. The issue stems from iterating smc_lgr_list.list in smcr_port_add without proper synchronization, allowing a linkgroup to be added or removed concurrently and potentially triggering a NULL dereference and kernel crash. The connecte...

CVE-2023-54318 net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add

In the Linux kernel, the following vulnerability has been resolved: net/smc: use smclgrlist.lock to protect smclgrlist.list iterate in smcrportadd While doing smcrportadd, there maybe linkgroup add into or delete from smclgrlist.list at the same time, which may result kernel crash. So, use...

CVE-2023-54067 btrfs: fix race when deleting free space root from the dirty cow roots list

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting free space root from the dirty cow roots list When deleting the free space tree we are deleting the free space root from the list fsinfo-dirtycowonlyroots without taking the lock that protects it,...

CVE-2023-53990

In the Linux kernel, the following vulnerability has been resolved: SMB3: Add missing locks to protect deferred close file list cifsdeldeferredclose function has a critical section which modifies the deferred close file list. We must acquire deferredlock before calling cifsdeldeferredclose functi...

CVE-2023-53990

CVE-2023-53990 pertains to the Linux kernel SMB3/cifs path. The issue arises from missing synchronization when modifying the deferred close file list inside cifs_del_deferred_close, creating a potential data race. The root cause is a missing acquire of the deferred_lock around the critical sectio...

CVE-2022-49003

CVE-2022-49003 involves a race in the Linux kernel NVMe multipath code where walking nvme_ns_head siblings protected by SRCU was not synchronized in nvme_mpath_revalidate_paths(), and concurrent scan work could free a namespace, causing a use-after-free. The fix protects the head’s SRCU during nv...

AZL-49590 CVE-2024-46678 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bonding: change ipseclock from spin lock to mutex In the cited commit, bond-ipseclock is added to protect ipseclist, hence xdodevstateadd and xdodevstatedelete are called inside this lock. As ipseclock is a spin lock and such...

GHSA-R326-MP8G-6XFC phpMyAdmin Bypass white-list protection for URL redirection

An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

phpMyAdmin Bypass white-list protection for URL redirection

An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

Design/Logic Flaw

An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVE-2016-9861

An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVE-2016-9861

An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

Bypass white-list protection for URL redirection

PMASA-2016-66 Announcement-ID: PMASA-2016-66 Date: 2016-11-25 Updated: 2016-12-06 Summary Bypass white-list protection for URL redirection Description Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. Severity We consider this vulnerability to be of...