Astra Linux - уязвимость в qemu

A flaw was discovered in QEMU. The async nature of hot-unplug allows for a race condition, where the net device backend is cleared before the virtio-net PCI frontend is unplugged. A malicious guest could exploit this time window to trigger an assertion and cause a denial of service...

CLSA-2026-1778125769 qemu-kvm: Fix of 3 CVEs

CVE-2023-3019: net: improper synchronization in net device backends - CVE-2023-42467: scsi-disk: division by zero in scsidiskemulatemodeselect - CVE-2024-26327: pciesriov: NumVFs validation buffer overflow...

Astra Linux - уязвимость в linux

A issue was discovered in the Linux kernel versions 2.6.39 through 5.10.16, as used in Xen. The block, net, and SCSI backends consider certain errors as ordinary bugs, which are deliberately designed to cause kernel crashes. For errors that may be influenced by guests such as memory exhaustion...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

A use-after-free flaw was discovered in vhostnetsetbackend in drivers/vhost/net.c within the virtio network subcomponent of the Linux kernel, due to a double fget operation. This flaw could allow a local attacker to cause the system to crash, and could even lead to a kernel information leak issue...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001536)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001536 advisory. An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414310)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414310 advisory. A use-after-free flaw was found in vhostnetsetbackend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could...

PT-2025-8593 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition exists in the Linux kernel's xen/arm component, specifically in the RB-tree based P2M accounting. The issue arises from concurrent calls to set phys to machine multi b...

kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend()

A use-after-free flaw was found in vhostnetsetbackend in drivers/vhost/net.c in the virtio network subcomponent in the Linux kernel due to a double fget. This issue could allow a local attacker to crash the system, and could lead to a kernel information leak problem...

kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend()

A use-after-free flaw was found in vhostnetsetbackend in drivers/vhost/net.c in the virtio network subcomponent in the Linux kernel due to a double fget. This issue could allow a local attacker to crash the system, and could lead to a kernel information leak problem...

AZL-28790 CVE-2023-3301 affecting package qemu for versions less than 6.2.0-23

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...

DEBIAN-CVE-2023-3301

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...

AZL-26032 CVE-2023-1838 affecting package kernel for versions less than 5.15.107.1-2

A use-after-free flaw was found in vhostnetsetbackend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem...

CVE-2023-1838

A use-after-free flaw was found in vhostnetsetbackend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem...

UBUNTU-CVE-2023-1838

A use-after-free flaw was found in vhostnetsetbackend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem...

SUSE CVE-2013-4127

Use-after-free vulnerability in the vhostnetsetbackend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service OOPS and system crash via vectors involving powering on a virtual machine...

DEBIAN-CVE-2021-26931

An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests such as out of memory conditions, it isn'...

SharePoint Workflows XOML Injection Exploit

This Metasploit module exploits a vulnerability within SharePoint and its .NET backend that allows an attacker to execute commands using specially crafted XOML data sent to SharePoint via the Workflows functionality. This module requires Metasploit: https://metasploit.com/download Current source:...

SharePoint Workflows XOML Injection

This module exploits a vulnerability within SharePoint and its .NET backend that allows an attacker to execute commands using specially crafted XOML data sent to SharePoint via the Workflows functionality. This module requires Metasploit: https://metasploit.com/download Current source:...

PT-2013-4860 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.10.3 Description: A use-after-free issue in the vhost net set backend function allows local users to cause a denial of service, resulting in an OOPS and system crash, via vectors involving powering on a virtua...