200 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Correctly track subprogram poke descriptors and fix use-after-free Subprograms call mappoketrack, but during program release, there is no hook to call mappokeuntrack. However, during program release, the auxiliary memory and...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: BPF: Do not use tnumrange for array range checking when dealing with poke descriptors. Hsin-Wei reported a KASAN issue triggered by their BPF runtime fuzzer, which is based on a customized syzkaller: - BUG: KASAN: Out-of-bound...
kernel: bpf: Don't use tnum_range on array range checking for poke descriptors
In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in...
kernel: bpf: Don't use tnum_range on array range checking for poke descriptors
In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001819)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001819 advisory. arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACEPOKEUSRAREA...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992712)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992712 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992341)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992341 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN...
kernel: bpf: Don't use tnum_range on array range checking for poke descriptors
In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in...
CLSA-2025-1763734783 kernel: Fix of 64 CVEs
media: bttv: fix use after free error due to btv-timeout timer CVE-2023-52847 - firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails CVE-2022-50087 - wifi: mwifiex: Fix OOB and integer underflow when rx packets CVE-2023-53226 - vsock: Fix transport TOCTOU CVE-2025-38461 - ALSA:...
EUVD-2025-141740
Malicious code in haritono-poke16 npm...
EUVD-2025-136291
Malicious code in sumpel-poke1 npm...
EUVD-2025-135003
Malicious code in zaskia-poke12 npm...
EUVD-2025-141330
Malicious code in inul-poke4 npm...
EUVD-2025-141697
Malicious code in haritono-poke8 npm...
Malicious code in inul-poke8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17836f53d27b300f8d078df2a2c7688d828f15c6da3c68073804cf93596cfc24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-137305
Malicious code in rindaman-poke14 npm...
Malicious code in ananda-poke6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 373c589d7548e96d53a79a2b9d44ea6f1b874bd3a5bf1c2e13d1251ff1d499f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hakim-poke4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94248ba674d9408e389063ec627727c9a4052d24b32b3f58388644542bb69035 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hitachi-poke6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e289c693a97a7b3984c3d8ab3ce3325af2918aa6d9f7876e1e5259c96ac4e00 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in indah-poke9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9544fdba89c7e3180015c23aa350c30b8125e9d1ec6f12e84be7c61531cc1021 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...