Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Networks: The tun device may destroy the NAPIs associated with it during destruction. Syzbot identified a race condition between the tun file and the destruction of the device. NAPIs are stored in the structtunfile structure, and...

Astra Linux - уязвимость в chromium

Before version 90.0.4430.72, using the "after free" mechanism in the Network API of Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted Chrome Extension...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlinking NAPIs from queues on error to open. The CI detected a UaF in fbnic within the AFXDP section of the queues.py test. The UaF occurs in the skmarknapiidonce function call in xskbind. The NAPI has been freed. It...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ath11k: fixed the kernel panic that occurred during the unloading/loading of ath11k modules. Fixed the call to netifnapidel from ath11kahbfreeextirq, to prevent the following kernel panic when unloading/loading ath11k modules...

CVE-2026-31644

In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix use-after-free and leak in lan966xfdmareload When lan966xfdmareload fails to allocate new RX buffers, the restore path restarts DMA using old descriptors whose pages were already freed via lan966xfdmarxfreepages...

PT-2026-34996

In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix use-after-free and leak in lan966x fdma reload When lan966x fdma reload fails to allocate new RX buffers, the restore path restarts DMA using old descriptors whose pages were already freed via lan966x fdma rx fr...

PT-2026-34374

In the Linux kernel, the following vulnerability has been resolved: virtio net: Fix UAF on dst ops when IFF XMIT DST RELEASE is cleared and napi tx is false A UAF issue occurs when the virtio net driver is configured with napi tx=N and the device's IFF XMIT DST RELEASE flag is cleared e.g., durin...

CVE-2024-51348

A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution RCE by sending a specially crafted HTTP request...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46784)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46784 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix error handling in...

CVE-2025-68341

In the Linux kernel, the following vulnerability has been resolved: veth: reduce XDP nodirect return section to fix race As explain in commit fa349e396e48 "veth: Fix race with AFXDP exposing old or uninitialized descriptors" for veth there is a chance after napicompletedone that another CPU can...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990563)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990563 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tun: unlink NAPI from device on destruction Syzbot found a race between tun file and device...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989955)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989955 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tun: unlink NAPI from device on destruction Syzbot found a race between tun file and device...

CVE-2023-53685

In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = int fdtun, fdtmp; char buf4 = ; fdtun ...

EUVD-2025-13641

Malicious code in bioql PyPI...

EUVD-2022-25900

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-38570

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in fbnic in the AFXDP...

DEBIAN-CVE-2025-38385

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in netifnapidellocked on disconnect Remove redundant netifnapidel call from disconnect path. A WARN may be triggered in netifnapidellocked during USB device disconnect: WARNING: CPU: 0 PID: 11 at...

UBUNTU-CVE-2025-38385

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in netifnapidellocked on disconnect Remove redundant netifnapidel call from disconnect path. A WARN may be triggered in netifnapidellocked during USB device disconnect: WARNING: CPU: 0 PID: 11 at...

UBUNTU-CVE-2025-38009

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after commit 9dd05df8403b "net: warn if NAPI instance wasn't shut down". Disable tx napi before deleting it in mt76dmacleanup. WARNING: CPU:...

[SECURITY] Fedora 41 Update: python-h11-0.14.0-7.fc41

This is a little HTTP/1.1 library written from scratch in Python, heavily inspired by hyper-h2. It is a "bring-your-own-I/O" library; h11 contains no IO code whatsoever. This means you can hook h11 up to your favorite network API, and that could be anything you want: synchronous, threaded,...