1875 matches found
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: IGMP: Fixed data races related to sysctligmpqrv. When reading sysctligmpqrv, it can be changed concurrently. Therefore, we need to add READONCE to its readers. This test can be incorporated into a helper module; such changes...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fixed a use-after-free issue when updating multicast route statistics. The cited commit added a dedicated mutex instead of RTNL to protect the multicast route list. This ensures that the list does not change...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: Ensure that we call ipv6mcdown at most once. There are two reasons why addrconfnotify is called with NETDEVDOWN: Either the network device is actually going down, or IPv6 was disabled on the interface. If either of the...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ipmr,ip6mr: acquiring RTNL before calling ip6mrfreetable on the failure path ip6mrfreetable can only be called under an RTNL lock. RTNL: assertion failed at net/core/dev.c 10367 WARNING: CPU: 1 PID: 5890 at net/core/dev.c:10367...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/cma: Allow UD qptype to join multicast only Regarding multicast: - The SIDR is the only mode that makes sense; - In addition to PSUDP, other port spaces like PSIB are also allowed, as they are UD-compatible. In this case,...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: Bridge: Multicast packets must be confirmed before being passed up the stack. The conntrack/nfconfirm logic does not handle cloned skb objects that reference the same nfct entry. This issue occurs when dealing with...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nfp: MC addresses are cleaned in the application firmware when the port is closed. When moving devices from one namespace to another, MC addresses are cleaned by software, but they are not removed from the application firmware. A...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: afpacket: moved the call to packetdevmc out of the RCU critical section. Syzkaller reports the following issues: BUG: A sleeping function is called from an invalid context at kernel/locking/mutex.c:578 mutexlock+0x106/0xe80...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, the generation of the list of MDB events to replay competed with the creation of new group memberhips, either through the IGMP/MLD snoopin...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: afnetlink: Fixed an out-of-bounds shift in the group mask calculation When a netlink message is received, netlinkrecvmsg fills in the address of the sender. One of the fields is the 32-bit bitfield nlgroups, which carries the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fixed the issue with locking the mcast list. The release of priv-lock while iterating over priv-multicastlist in ipoibmcastjointask creates a situation where ipoibmcastdevFlush may remove the items while the iteration i...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/ucma: Protects the mc object during concurrent multicast operations. The commit mentioned in the “Fixes” section has been partially reverted to ensure that the allocation and erasure of multicast objects are locked...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fixed an UAF issue in ip6mrskDone when addrconfinitnet failed. If the initialization of devconfall fails during the call to addrconfinitnet, the pointer devconfall is released. Calling ip6mrskDone to release the network...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: - In net: The variable sk-skfamily was read once in the function skmcloop. - syzbot is frequently using IPV6ADDRFORM; it managed to trigger the WARNONONCE1 function in skmcloop. We still have many more similar issues that need...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ipv6: mcast: fixed a data race in ipv6mcdown / mldifcwork. idev-mcifccount can be written without proper locking. Originally reported by syzbot 1. This issue was fixed by encapsulating calls to mldifcstopwork and mldgqstopwork...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: VLAN: Enforcing the underlying device type Currently, VLAN devices can be created on top of non-Ethernet devices. Aside from the fact that this approach doesn’t make much sense, it also causes a bug that leads to the leakage of t...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: removed one synchronizenet call from ipv6mcdown. As discussed in previous discussions commit 2d3916f31891 “ipv6: fix skb drops in igmp6eventquery and igmp6eventreport”, the synchronizenet call in ipv6mcdown is not...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021635)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021635 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup vport's mc, uc and multicast rules are not deleted in teardo...
Windows Snipping Tool - NTLMv2 Hash Hijack
Exploit Title: Windows Snipping Tool - NTLMv2 Hash Hijack Date: 2026-04-22 Exploit Author: nu11secur1ty Video Demo: https://www.patreon.com/posts/cve-2026-33829-156243398 Vendor Homepage: https://www.microsoft.com Software Link: Built-in Windows Snipping Tool Version: Windows 10, Windows 11,...
CLSA-2026-1778157268 dnsmasq: Fix of CVE-2022-0934
CVE-2022-0934: Fix write-after-free in DHCPv6 relay handling that could be triggered by a crafted packet, leading to denial of service - rfc3315: fix bad reply to DHCPCONFIRM messages wrong message type - rfc3315: fix integer underflow and heap overflow in log6opts STATUSCODE - rfc3315: fix...