Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: exfat: fixed a potential deadlock in exfatgetdentryset. When accessing a file with more entries than ESMAXENTRYNUM, the bh-array is allocated in exfatgetdentryset. The problem is that the bh-array is allocated using GFPKERNEL. Th...

CVE-2025-71159

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free warning in btrfsgetorcreatedelayednode Previously, btrfsgetorcreatedelayednode set the delayednode's refcount before acquiring the root-delayednodes lock. Commit e8513c012de7 "btrfs: implement reftracker...

CVE-2025-71159

CVE-2025-71159 relates to a Linux kernel vulnerability in the Btrfs filesystem. The issue is a memory-ordering/race condition in btrfs_get_or_create_delayed_node(), where the delayed_node refcount was set before acquiring the root->delayed_nodes lock, allowing stores to node->refs and btrfs...

CVE-2025-68356

In the Linux kernel, the following vulnerability has been resolved: gfs2: Prevent recursive memory reclaim Function newinode returns a new inode with inode-imapping-gfpmask set to GFPHIGHUSERMOVABLE. This value includes the GFPFS flag, so allocations in that address space can recurse into...

EUVD-2025-203732

In the Linux kernel, the following vulnerability has been resolved: fs: ext4: change GFPKERNEL to GFPNOFS to avoid deadlock The parent function ext4xattrinodelookupcreate already uses GFPNOFS for memory alloction, so the function ext4xattrinodecachefind should use same gfpflag...

EUVD-2025-31841

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.0.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

@boxyhq/saml-jackson (>=1.11.2 <=1.40.2), @boxyhq/saml20 (>=1.2.4 <=1.8.0) +8 more potentially affected by CVE-2025-29775 via xml-crypto (>=4.1.0 <=6.0.0)

xml-crypto NPM version =4.1.0, =1.11.2, =1.2.4, =1.0.0, =4.0.0, =1.0.0, =0.0.1, =0.0.2 - saml-nofs =3.0.2 - verifactu-utils =1.1.0 Source cves: CVE-2025-29775 Source advisory: OSV:GHSA-X3M8-899R-F7C3...

AZL-48024 CVE-2024-42315 affecting package kernel for versions less than 6.6.47.1-1

In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on exfatgetdentryset When accessing a file with more entries than ESMAXENTRYNUM, the bh-array is allocated in exfatgetentryset. The problem is that the bh-array is allocated with GFPKERNEL. It does n...

@boxyhq/saml-jackson (>=1.11.2 <=1.17.1), @boxyhq/saml20 (>=1.2.4 <=1.4.1) +7 more potentially affected by CVE-2024-32962 via xml-crypto (>=4.1.0 <=5.1.1)

xml-crypto NPM version =4.1.0, =1.11.2, =1.2.4, =4.0.0, =1.0.0, =0.0.1, =0.0.2 - saml-nofs =3.0.2 - verifactu-utils =1.1.0 Source cves: CVE-2024-32962 Source advisory: OSV:GHSA-2XP3-57P7-QF4V...