230 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: xsk: Validate the MTU against the usable frame size when binding. The AFXDP binding currently accepts zero-copy pool configurations without verifying that the device’s MTU fits within the usable frame space provided by the UMEM...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: cgroup/dmem: avoided UAF in the pool An UAF issue was observed: BUG: KASAN: slab-use-after-free in pagecounteruncharge+0x65/0x150 Write of size 8 at addr ffff888106715440 by task insmod/527 CPU: 4 UID: 0 PID: 527 Comm: insmod...
Astra Linux - уязвимость в netcdf
The ezxmlnew function in ezXML 0.8.6 and earlier is vulnerable to OOB write attacks when opening an XML file after exhausting the memory pool...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: Firmware: stratix10-svc: Fixed a potential resource leak in svccreatememorypool. The svccreatememorypool function is only called from stratix10svcdrvprobe. Most of the resources within the probe are managed, but this memremap...
Astra Linux - уязвимость в wayland
An internal reference count is maintained on the buffer pool; this count increments every time a new buffer is created from the pool. The reference count is stored as an integer. On LP64 systems, this can lead to an overflow if the client creates a large number of wlshm buffer objects, or if it...
Astra Linux - уязвимость в netcdf
The ezxmltoxml function in ezxml 0.8.6 and earlier is vulnerable to out-of-band OOB writes when opening an XML file after exhausting the memory pool...
Nimiq 数字错误漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a numerical error vulnerability. This vulnerability stems from the nimiq-account contract’s VestingContract::canchangebalance function, which returns AccountError::InsufficientFund...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011220)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011220 advisory. In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref in raid10syncrequest initresync inits mempool and sets...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011319)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011319 advisory. In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: Fix a potential resource leak in svccreatememorypool svccreatememorypool...
Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-013408)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013408 advisory. In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse in btreeiter btreeiter is used in two ways: either...
CVE-2026-23463
In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: fix race condition in qmandestroyfq When QMANFQFLAGDYNAMICFQID is set, there's a race condition between fqtablefq-idx state and freeing/allocating from the pool and WARNONfqtablefq-idx in qmancreatefq gets...
GHSA-3VMH-33XR-9CQH Zebra has a Consensus Failure due to Improper Verification of V5 Transactions
--- CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid authorization data, a miner could cause...
SUSE CVE-2025-71225
In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raiddisks via sysfs In raid1reshape, freezearray is called before modifying the r1bio memory pool conf-r1biopool and conf-raiddisks, and unfreezearray is called after the update is completed...
AZL-77874 CVE-2025-71225 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raiddisks via sysfs In raid1reshape, freezearray is called before modifying the r1bio memory pool conf-r1biopool and conf-raiddisks, and unfreezearray is called after the update is completed...
CVE-2025-71225
In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raiddisks via sysfs In raid1reshape, freezearray is called before modifying the r1bio memory pool conf-r1biopool and conf-raiddisks, and unfreezearray is called after the update is completed...
UBUNTU-CVE-2025-71225
In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raiddisks via sysfs In raid1reshape, freezearray is called before modifying the r1bio memory pool conf-r1biopool and conf-raiddisks, and unfreezearray is called after the update is completed...
CVE-2025-71225
In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raiddisks via sysfs In raid1reshape, freezearray is called before modifying the r1bio memory pool conf-r1biopool and conf-raiddisks, and unfreezearray is called after the update is completed...
CVE-2025-71225
CVE-2025-71225: Linux kernel vulnerability in RAID update path. When updating raid_disks via sysfs, freeze_array may unblock before queued r1bio structures are released, causing free_r1bio() to access memory with the old raid_disks/mempool configuration. This can lead to out-of-bounds access and ...
CVE-2025-71225 md: suspend array while updating raid_disks via sysfs
In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raiddisks via sysfs In raid1reshape, freezearray is called before modifying the r1bio memory pool conf-r1biopool and conf-raiddisks, and unfreezearray is called after the update is completed...
CVE-2025-71225
In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raiddisks via sysfs In raid1reshape, freezearray is called before modifying the r1bio memory pool conf-r1biopool and conf-raiddisks, and unfreezearray is called after the update is completed...