Astra Linux - уязвимость в linux-5.10, linux-5.15

A race condition was detected in the Linux kernel’s watch queue due to a missing lock in the piperesizering function. The specific flaw lies in the handling of pipe buffers. The problem arises from the lack of proper locking when performing operations on an object. This flaw allows a local user t...

CVE-2026-22819 Outray has a Race Condition in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts

Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5...

CVE-2026-22819

Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5...

CVE-2023-54032

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting quota root from the dirty cow roots list When disabling quotas we are deleting the quota root from the list fsinfo-dirtycowonlyroots without taking the lock that protects it, which is struct...

kernel: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix "bad unlock balance" in l2capdisconnectrsp conn-chanlock isn't acquired before l2capgetchanbyscid, if l2capgetchanbyscid returns NULL, then 'bad unlock balance' is triggered...

AZL-66653 CVE-2025-38643 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211checkandendcac Callers of wdevchandef must hold the wiphy mutex. But the worker cfg80211propagatecacdonewk never takes the lock. Which triggers the warning below with the...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52778: mptcp: deal with large GSO size bsc1224948. CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision...

kernel: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference

A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol L2TP. A missing lock when clearing skuserdata can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service...

CVE-2020-15668

A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox 80 and Firefox for Android 80...