17 matches found
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: AppArmor: A memory leak was fixed in the verifyheader function. The function sets ns = NULL on every call, causing a memory leak for the namespace string allocated in previous iterations when multiple profiles are unpacked. This...
CVE-2026-44424
ShellHub (CVE-2026-44424) has a cross-tenant IDOR in GET /api/devices/:uid where an authenticated user can read device metadata from other namespaces. Root cause: GetDevice resolves a device by UID without enforcing tenant scoping; DeleteDevice applies InNamespace, but GetDevice does not. Impact:...
CVE-2023-53781 smc: Fix use-after-free in tcp_write_timer_handler().
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcpwritetimerhandler. With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcpwritetimerhandler by kernel TCP sockets. 0 If SMC creates a kernel socket in smccreate, the kernel...
EUVD-2019-3216
Malware in sbrugna...
EUVD-2022-24964
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-48757
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespac...
Linux Distros Unpatched Vulnerability : CVE-2019-6789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosu...
Linux Distros Unpatched Vulnerability : CVE-2025-38247
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: userns and mntidmap leak in opentreeattr2 Once wantmountsetattr has returned a positive, it...
Linux Distros Unpatched Vulnerability : CVE-2025-22077
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert smb: client: fix TCP timers deadlock after rmmod This reverts commit e9f2517a3e18a54a3943c098d2226b245d488801. Commit e9f2517a3e18 smb: client: fix TCP...
Linux Distros Unpatched Vulnerability : CVE-2022-1678
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be us...
CVE-2025-38247
CVE-2025-38247 concerns the Linux kernel: a leak of user namespaces and possibly mnt_idmap in open_tree_attr(2) due to not releasing ->mnt_userns after a positive result from want_mount_setattr(). The root cause is that finish_mount_kattr() must release the namespace, and if do_mount_setattr()...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: “smb: client: fix TCP timers deadlock after rmmod” This fix reverts to the previous state with commit e9f2517a3e18a54a3943c098d2226b245d488801. The commit e9f2517a3e18 “smb: client: fix TCP timers deadlock after rmmod” is intende...
CVE-2022-49905
CVE-2022-49905: In the Linux kernel net/smc, smc_init() registers pernet subsystems without proper error handling, risking leaked pernet namespace. If register_pernet_subsys(&smc_net_stat_ops) or smc_nl_init() fails, &smc_net_stat_ops might not be reverted, leaving wild ops in the subsystem linke...
CVE-2022-49905
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked pernet namespace in smcinit In smcinit, registerpernetsubsys&smcnetstatops is called without any error handling. If it fails, registering of &smcnetops won't be reverted. And if smcnlinit fails,...
kernel: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
A flaw was discovered in the Linux kernel's IPv6 implementation, specifically within the inet6rtmgetaddr function. The issue arises when user space provides a valid IFATARGETNETNSID value but omits the IFAADDRESS and IFALOCAL attributes. In such cases, the function returns an -EINVAL error while...
Linux kernel 安全漏洞
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel due to a netns reference count leak in the devlink module devlinknlcmdreload...
SUSE CVE-2021-47010
In the Linux kernel, the following vulnerability has been resolved: net: Only allow init netns to set default tcp cong to a restricted algo tcpsetdefaultcongestioncontrol is netns-safe in that it writes to &net-ipv4.tcpcongestioncontrol, but it also sets ca-flags |= TCPCONGNONRESTRICTED which is...