Astra Linux - Vulnerability in linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: mptcp: race condition during subflow creation in mptcprcvspaceadjust Additional active subflows—i.e., those created by the in-kernel path manager—are added to the subflow list before the 3whs is started. A race condition involvin...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fs: Protect reconfiguration of sb read-write from racing writes The code responsible for reconfiguration and remounting the filesystem requires significant effort to protect it from racing writes during read-only operations...

EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2026-1388)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacke...

EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2026-1357)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacke...

UBUNTU-CVE-2026-25953

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reads from a freed xfAppWindow because the RDPGFX DVC thread obtains a bare pointer via xfrailgetwindow without any lifetime protection, while the main thread can concurrently...

CVE-2025-71221

In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmppdma: Fix race condition in mmppdmaresidue Add proper locking in mmppdmaresidue to prevent use-after-free when accessing descriptor list and descriptor contents. The race occurs when multiple threads call txstatus...

kernel: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths

A use-after-free vulnerability was found in the DWC3 USB controller driver in the Linux kernel. Multiple unsynchronized execution paths can invoke dwc3removerequests concurrently, leading to premature freeing of USB requests. When one path frees requests while another is still processing them, a...

CVE-2023-54288 wifi: mac80211: fortify the spinlock against deadlock by interrupt

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fortify the spinlock against deadlock by interrupt In the function ieee80211txdequeue there is a particular locking sequence: begin: spinlock&local-queuestopreasonlock; qstopped = local-queuestopreasonsq;...

SUSE CVE-2023-54099

In the Linux kernel, the following vulnerability has been resolved: fs: Protect reconfiguration of sb read-write from racing writes The reconfigure / remount code takes a lot of effort to protect filesystem's reconfiguration code from racing writes on remounting read-only. However during remounti...

Linux Distros Unpatched Vulnerability : CVE-2023-54099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs: Protect reconfiguration of sb read-write from racing writes The reconfigure / remount code takes a lot of effort to protect filesystem's reconfiguration cod...

EUVD-2023-60346

In the Linux kernel, the following vulnerability has been resolved: fs: Protect reconfiguration of sb read-write from racing writes The reconfigure / remount code takes a lot of effort to protect filesystem's reconfiguration code from racing writes on remounting read-only. However during remounti...

UBUNTU-CVE-2023-54099

In the Linux kernel, the following vulnerability has been resolved: fs: Protect reconfiguration of sb read-write from racing writes The reconfigure / remount code takes a lot of effort to protect filesystem's reconfiguration code from racing writes on remounting read-only. However during remounti...

CVE-2023-54099 fs: Protect reconfiguration of sb read-write from racing writes

In the Linux kernel, the following vulnerability has been resolved: fs: Protect reconfiguration of sb read-write from racing writes The reconfigure / remount code takes a lot of effort to protect filesystem's reconfiguration code from racing writes on remounting read-only. However during remounti...

CVE-2023-54099

CVE-2023-54099 relates to a race in Linux kernel remount handling where clearing SB_RDONLY to switch a filesystem from read-only to read-write could briefly allow userspace writes before the filesystem is fully ready. The issue is in the remount/reconfiguration path; the recommended fix is to tra...

UBUNTU-CVE-2025-68292

In the Linux kernel, the following vulnerability has been resolved: mm/memfd: fix information leak in hugetlb folios When allocating hugetlb folios for memfd, three initialization steps are missing: 1. Folios are not zeroed, leading to kernel memory disclosure to userspace 2. Folios are not marke...

EUVD-2025-135732

Malicious code in tearich-racing npm...

Malicious code in tearich-racing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b29c29647425a61e918dfd6ba935777f9c6aa84fbec6ea21473a54fda4b453d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tearich-racing1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30c4753a2e0371b67996af32c67176e5b475cba058d790955c172a6904b8718b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tearich-racing2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e1b8094e5ba133b10858afe5e1c122a4ff2e082d992c443d39c1c75cf159101 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tearich-racing5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbc5f30df8d346c4957a3de354befe377f6af77072d587c7df371d646c072b53 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...