66 matches found
CVE-2026-53271
A flaw was found in the ksmbd component of the Linux kernel. A remote attacker could exploit a NULL-dereference vulnerability in the oplock/lease break notifiers. This occurs because opinfo-conn is read without proper checks, allowing a concurrent Server Message Block SMB2 LOGOFF to set op-conn t...
SUSE CVE-2026-53271
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither READONCE nor a NULL check. Both run from oplockbreak after opinfogetlist h...
CVE-2026-53271
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither READONCE nor a NULL check. Both run from oplockbreak after opinfogetlist h...
CVE-2026-53271
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither READONCE nor a NULL check. Both run from oplockbreak after opinfogetlist h...
EUVD-2026-39222
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither READONCE nor a NULL check. Both run from oplockbreak after opinfogetlist h...
CVE-2026-53271 ksmbd: fix NULL-deref of opinfo->conn in oplock/lease break notifiers
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither READONCE nor a NULL check. Both run from oplockbreak after opinfogetlist h...
PT-2026-44236
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the KVM x86 shadow paging mechanism. The shadow MMU calculates Guest Frame Numbers GFNs for direct shadow pages by adding the SPTE index to sp-gfn. This...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: Use cpuhpstateremoveinstancenocalls instead of cpuhpstateremoveinstance so that the notifications do not execute after the PMU device has been unregistered. When tearing down a ‘hisihns3’ PMU, we mistakenly ra...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: hwmon: coretemp Simplified platform device handling Coretemp’s platform driver is unconventional. All the actual processing is performed globally by the initcall and CPU hotplug notifiers. The “driver” essentially just wraps t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take the RTNL lock when necessary before calling xdpsetfeatures. The RTNL lock should be held when calling xdpsetfeatures with a registered netdev, as this call triggers the netdev notifiers. This could occur, for...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013523)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013523 advisory. In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, t...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011048)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011048 advisory. In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, t...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013221)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013221 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses failiommusetup registers the...
CVE-2022-38358
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/adminnotifiers/rules.php and /module/reportevent/indext.php via the parameters rulenotification, rulename, and rulenameold, and at...
SUSE CVE-2023-54095
In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses failiommusetup registers the failiommubusnotifier struct to both PCI and VIO buses. struct notifierblock is a linked list node, so this causes any notifiers later...
CVE-2023-54095
In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses failiommusetup registers the failiommubusnotifier struct to both PCI and VIO buses. struct notifierblock is a linked list node, so this causes any notifiers later...
UBUNTU-CVE-2023-54095
In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses failiommusetup registers the failiommubusnotifier struct to both PCI and VIO buses. struct notifierblock is a linked list node, so this causes any notifiers later...
CVE-2023-54095 powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses failiommusetup registers the failiommubusnotifier struct to both PCI and VIO buses. struct notifierblock is a linked list node, so this causes any notifiers later...
Malicious Package
Overview js-notifiers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-33625
Malicious code in js-notifiers npm...