28869 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fix tailcallreachable rejection for interpreter when jit failed During testing of f263a81451c1 “bpf: Track subprog poke descriptors correctly and fix use-after-free” under various failure conditions, for example, when...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Disabling migration in nfhookrunbpf. syzbot reported that the netfilter BPF program can be called without disabling migration in the xmit path. As a result, the assertion in bpfprogrun fails, triggering an error below. 0 Let...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Ice: Fixed DMA mapping leaks The leak was addressed when the user changed ring parameters. During the reallocation of RX buffers, new DMA mappings are created for those buffers. New buffers with a different RX ring count shoul...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed an issue in verifying allowptrleaks. After we changed the capabilities of our networking-bpf program from capsysadmin to capnetadmin+capbpf, our networking-bpf program failed to start. This was because it failed the BP...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: BPF: Fixed the re-attachment branch in bpftracingprogattach. The following scenario can cause a crash due to a missing attachbtf: 1 Load the rawtp program. 2 Load the fentry program with rawtp as targetfd. 3 Create a tracing...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPFCMPXCHG on a high level has the following parameters: .-old-val .-new-val BPFR0 = cmpxchg32,64DSTREG + insn-off, BPFR0, SRCREG -mem-loc...
Astra Linux - уязвимость в mtr
mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTRPACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries...
Astra Linux - уязвимость в linux, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from setmemoryro into account with bpfproglockro setmemoryro can fail, leaving memory unprotected. Check its return and take it into account as an error...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usbhubtostructhub to dereference a NULL or inappropriate pointer: Oops: general protection fault,...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: virtionet: Fixed an issue with error unwinding of XDP initialization. When initializing XDP in virtnetopen, some rq xdp initializations may encounter errors, resulting in failed network device openings. However, previous rqs have...
Astra Linux - уязвимость в gimp
GIMP ICO File Parsing: Integer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid bpfprogret0warn when JIT fails Syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Linked modules: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed the issue where XDP programs generate skb values based on non-linear xdpbuff structures during the striding phase of the XDP process. XDP programs can modify the layout of an xdpbuff using bpfxdpadjusttail and...
MINI-PGM4-R82V-JM54
Bulletin has no description...
EUVD-2026-26609
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject sleepable kprobemulti programs at attach time kprobe.multi programs run in atomic/RCU context and cannot sleep. However, bpfkprobemultilinkattach did not validate whether the program being attached had the sleepable...
CVE-2026-31734
CVE-2026-31734 (Linux kernel sched_ext) has been fixed. The issue was a false negative where is_bpf_migration_disabled() could be incorrect on systems without CONFIG_PREEMPT_RCU, causing migration_disabled == 1 to be treated as truly migration-disabled even for the current task. The BPF prolog no...
SUSE CVE-2026-42167
modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...
dtrace security update
2.0.7-4 - Prevent out-of-buonds memory access during object symbol table construction CVE-2026-35233. Orabug: 39121881 - Prevent divide-by-zero FPE trap if section header data is corrupted. CVE-2026-21996. Orabug: 39121874 - Ensure safety checks are performed on program header data from ELF...
CVE-2026-42167
The vulnerability CVE-2026-42167 affects ProFTPD with the mod_sql backend, where logging of USER requests (using expansions like %U) can bypass escaping in SQLLog/SQLNamedQuery and enable stacked SQL queries. In ProFTPD builds using the vulnerable mod_sql, an attacker can cause arbitrary code exe...