131 matches found
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: List: Fixed a data race around ep-rdllist. The eppoll function first calls epeventsavailable without holding a lock and checks if ep-rdllist is empty using listemptycareful, which reads from rdllist-prev. Therefore, all access...
Canonical Ubuntu Linux 安全漏洞
Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8 version contained a security vulnerability. This vulnerability stemmed from the lack of lock acquisition when modifying linked lists, which could lead to race conditions...
TrendAI Vision One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...
Astra Linux - уязвимость в linux, linux-5.15, linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in the abort path When adding or removing controllers, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dmafree attrs+0x33/0x50 CPU:...
EUVD-2026-28688
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...
CVE-2026-43382
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...
CVE-2026-43382
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...
CVE-2026-43382
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...
CVE-2026-43382 batman-adv: Avoid double-rtnl_lock ELP metric worker
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...
CVE-2026-43382
Summary: CVE-2026-43382 affects the Linux kernel batman-adv component. The issue arises when batadv_v_elp_get_throughput() runs with the RTNL lock already held, which could cause a deadlock during cancellation of a work item. The fix switches to rtnl_trylock to skip ethtool retrieval if the RTNL ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: netlink: Annotate lockless accesses to nlk-maxrecvmsglen. syzbot reported a data race in netlinkrecvmsg. Indeed, netlinkrecvmsg can be executed concurrently, and netlinkdump also requires protection. 1 Bug: KCSAN: Data race in...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: afunix: Fixed a data race in unixdgrampeerwakeme. unixdgrampoll calls unixdgrampeerwakeme without ensuring that the other lock is held, and without checking whether the receive queue is full. In this case, we need to use...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: Reverted “scsi: qla2xxx: Perform lockless command completion in abort path”. This revertment is associated with the commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9. The committed code added code to qla2x00abortallcmds to ca...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013000)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013000 advisory. In the Linux kernel, the following vulnerability has been resolved: netlink: annotate lockless accesses to nlk-maxrecvmsglen syzbot reported a data-race in data-race...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006583)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006583 advisory. In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk-skbounddevif UDP sendmsg is lockless, and reads sk-skbounddevif whi...
Linux Distros Unpatched Vulnerability : CVE-2026-23449
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: teql: Fix double-free in teqlmasterxmit Whenever a TEQL devices has a lockless Qdisc as root, qdiscreset should be called using the seqlock to avoid...
EUVD-2026-18698
In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teqlmasterxmit Whenever a TEQL devices has a lockless Qdisc as root, qdiscreset should be called using the seqlock to avoid racing with the datapath. Failure to do so may cause crashes like the...
CVE-2026-23449
In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teqlmasterxmit Whenever a TEQL devices has a lockless Qdisc as root, qdiscreset should be called using the seqlock to avoid racing with the datapath. Failure to do so may cause crashes like the...
UBUNTU-CVE-2026-23449
In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teqlmasterxmit Whenever a TEQL devices has a lockless Qdisc as root, qdiscreset should be called using the seqlock to avoid racing with the datapath. Failure to do so may cause crashes like the...
CVE-2026-23449 net/sched: teql: Fix double-free in teql_master_xmit
In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teqlmasterxmit Whenever a TEQL devices has a lockless Qdisc as root, qdiscreset should be called using the seqlock to avoid racing with the datapath. Failure to do so may cause crashes like the...