238 matches found
CVE-2026-49088
Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...
CVE-2026-49088 Insertion of Sensitive Information into Log File in Kibana Leading to Information Disclosure
Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...
EUVD-2026-41093
Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...
PT-2026-52105
Name of the Vulnerable Software and Affected Versions Sentry versions 24.4.0 through 26.5.1 Description A Regular Expression Denial of Service ReDoS exists in the event ingestion pipeline. This occurs when a regular expression is applied to attacker-controlled fields on incoming events, allowing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: perf/x86/amd: Fixed a crash that occurred due to a race between amdpmuenableall, perf NMI, and throttling. amdpmuenableall does the following: if !testbitidx, cpuc-activemask continue; amdpmuenableeventcpuc-eventsidx; A perf N...
Astra Linux – Vulnerability in Linux
A flaw related to memory leaks in the Linux kernel’s performance monitoring subsystem was discovered due to the use of PERFEVENTIOCSETFILTER. A local user could exploit this flaw to deplete resources, resulting in a denial of service...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86/pmu: Disabled support for adaptive PEBS. Support for virtualizing adaptive PEBS has been discontinued. This is because KVM’s implementation is architecturally broken without an obvious or easy way to address this issu...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: perf/x86: The movement of the event pointer was moved earlier in x86pmuenable. A production AMD EPYC system crashed due to a NULL pointer dereference in the PMU NMI handler: BUG: NULL pointer dereference in the kernel, address:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Fixed powerpmudisable to call clearpmiirqpending only if PMI is pending Running a self-test with CONFIGPPCIRQSOFTMASKDEBUG enabled in the kernel triggered the following warning: 172.851380 ------------ Cut here...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: The segfault caused by PEBS-via-PT with a sample frequency has been fixed. Currently, using PEBS-via-PT with a sample frequency instead of a sample period causes a segfault. For example: BUG: Kernel NULL pointer...
CVE-2026-43344
A flaw was found in the Linux kernel's performance monitoring unit perf/x86/intel/uncore subsystem. This vulnerability arises from incorrect die ID initialization and lookup, particularly when certain CPUs are offline or when Non-Uniform Memory Access NUMA is disabled. As a consequence, performan...
CVE-2026-43150
A flaw was found in the Linux kernel. This vulnerability occurs when the kernel's perf/arm-cmn component encounters unsupported hardware configurations, such as unknown Coherent Mesh Network CMN models or revisions. The kernel makes assumptions about hardware sizes, and if these are violated, it...
CVE-2026-43079
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Skip discovery table for offline dies This warning can be triggered if NUMA is disabled and the system boots with fewer CPUs than the number of CPUs in die 0. WARNING: CPU: 9 PID: 7257 at uncore.c:1157...
CVE-2026-43079
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Skip discovery table for offline dies This warning can be triggered if NUMA is disabled and the system boots with fewer CPUs than the number of CPUs in die 0. WARNING: CPU: 9 PID: 7257 at uncore.c:1157...
CVE-2026-31782
A flaw was found in the Linux kernel's performance monitoring unit perf/x86 component. This vulnerability occurs when the auto counter reload feature processes certain event groups, potentially causing an out-of-bounds memory read. An attacker could exploit this to gain unauthorized access to...
EUVD-2026-26595
In the Linux kernel, the following vulnerability has been resolved: perf/x86: Fix potential bad containerof in intelpmuhwconfig Auto counter reload may have a group of events with software events present within it. The software event PMU isn't the x86hybridpmu and a containerof operation in...
PT-2026-36417
In the Linux kernel, the following vulnerability has been resolved: perf/x86: Fix potential bad container of in intel pmu hw config Auto counter reload may have a group of events with software events present within it. The software event PMU isn't the x86 hybrid pmu and a container of operation i...
perf: Make sure to use pmu_ctx->pmu for groups
...
SUSE CVE-2026-31528
In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmuctx-pmu for groups Oliver reported that x86pmudel ended up doing an out-of-bound memory access when groupschedin fails and needs to roll back. This should be handled by the transaction callbacks, but he...
CVE-2026-31528
A flaw was found in the Linux kernel's performance monitoring unit PMU subsystem. This vulnerability occurs when handling performance event groups, specifically during the rollback of groupschedin operations. An issue with how inherited contexts use event pointers can lead to an out-of-bounds...