68 matches found
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: sched: using the RCU read-side critical section in tapriodump Fixed a possible use-after-free in ‘tapriodump’ by adding the RCU read-side critical section. This issue was not encountered on x86, but was found on an arm64...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Fixed issues with dfs-radar and temperature event locking. The ath12k active PDevs are protected by RCU, but the code responsible for handling DFS-radar and temperature events, which calls ath12kmacgetarbypdevid...
Node.js Module axios < 1.15.2 Prototype Pollution
The version of the axios Node.js module installed on the remote host is prior to 1.15.2. It is, therefore, affected by the following vulnerability: - Axios has prototype pollution read-side gadgets in the HTTP adapter that allow credential injection and request hijacking. CVE-2026-42264 Note that...
CVE-2026-43214 KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2()
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Add SRCU protection for reading PDPTRs in getsregs2 Add SRCU read-side protection when reading PDPTR registers in getsregs2. Reading PDPTRs may trigger access to guest memory: kvmpdptrread - svmcachereg - loadpdptrs -...
CVE-2026-43214
The CVE-2026-43214 issue concerns Linux kernel KVM on x86: when reading PDPTRs in __get_sregs2(), SRCU read-side protection was missing. The root cause is that kvm_pdptr_read() may dereference guest memory via a chain (svm_cache_reg -> load_pdptrs -> kvm_vcpu_read_guest_page -> kvm_vcpu_...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix gtk offload status event locking The ath11k active pdevs are protected by RCU but the gtk offload status event handling code calling ath11kmacgetarvifbyvdevid was not marked as a read-side critical section. Mark...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ima: Avoid blocking in RCU read-side critical section A panic happens in imamatchpolicy: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 42f873067 P4D 0 Oops: 0000 1 SMP NOPTI CPU: 5 PID: 1286325 Com...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – Fixed the issue with htt.pktlog locking. The ath11k active PDevs are protected by RCU, but the code that handles htt.pktlog, namely ath11kmacgetarbypdevid, was not marked as a read-side critical section. This code...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to u...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix dfs radar event locking The ath11k active pdevs are protected by RCU but the DFS radar event handling code calling ath11kmacgetarbypdevid was not marked as a read-side critical section. Mark the code in question...
SUSE CVE-2026-31669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
CVE-2026-31657
In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadvblaaddclaim can replace claim-backbonegw and drop the old gateway's last reference while readers still follow the pointer. The netlink claim dump path dereferences...
CVE-2026-31657
In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadvblaaddclaim can replace claim-backbonegw and drop the old gateway's last reference while readers still follow the pointer. The netlink claim dump path dereferences...
PT-2026-35009
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the batman-adv module, the function batadv bla add claim can replace claim-backbone gw and drop the last reference of the old gateway while readers are still following the pointer. Th...
EUVD-2026-25219
In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro-uniq use-after-free in rawrcv rawrelease unregisters raw CAN receive filters via canrxunregister, but receiver deletion is deferred with callrcu. This leaves a window where rawrcv may still be running in an RCU...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the reuse of a freed resource after the release of the ro-uniq operation in rawrcv. This could le...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005422)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005422 advisory. In the Linux kernel, the following vulnerability has been resolved: ima: Avoid blocking in RCU read-side critical section A panic happens in imamatchpolicy: BUG:...
PT-2025-53069
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the rtw88 wifi driver related to rate updates. The ieee80211 ops::sta rc update function must be atomic to prevent a context switch within an RCU...
PT-2025-51637
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A regression was introduced in the Linux kernel due to a commit 995412e23bb2 related to SCSI core functionality and tag iterators. This regression is triggered by the scsi host busy...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-381573)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-381573 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt...