69 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – Fixing the lock issue related to the gtk offload status event. The ath11k active PDevs are protected by RCUs. However, the code that handles the gtk offload status event and calls ath11kmacgetarvifbyvdevid was not...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed the copylinklist updates when the “copyTracemarker” option is enabled for an instance. When this option is enabled, any data written to /sys/kernel/tracing/tracemarker is also copied to that instance’s buffer. When...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – Fixed the issue with htt.pktlog locking. The ath11k active PDevs are protected by RCUs, but the code that handles htt.pktlog, namely ath11kmacgetarbypdevid, was not marked as a read-side critical section. This code...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Fixed issues with dfs-radar and temperature event locking. The ath12k active PDevs are protected by RCU, but the code responsible for handling DFS-radar and temperature events, which calls ath12kmacgetarbypdevid...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – Fixing the DFS radar event locking issue The ath11k active PDevs are protected by RCUs. However, the code that handles DFS radar events and calls ath11kmacgetarbypdevid was not marked as a read-side critical sectio...
Node.js Module axios < 1.15.2 Prototype Pollution
The version of the axios Node.js module installed on the remote host is prior to 1.15.2. It is, therefore, affected by the following vulnerability: - Axios has prototype pollution read-side gadgets in the HTTP adapter that allow credential injection and request hijacking. CVE-2026-42264 Note that...
CVE-2026-43214 KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2()
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Add SRCU protection for reading PDPTRs in getsregs2 Add SRCU read-side protection when reading PDPTR registers in getsregs2. Reading PDPTRs may trigger access to guest memory: kvmpdptrread - svmcachereg - loadpdptrs -...
CVE-2026-43214
The CVE-2026-43214 issue concerns Linux kernel KVM on x86: when reading PDPTRs in __get_sregs2(), SRCU read-side protection was missing. The root cause is that kvm_pdptr_read() may dereference guest memory via a chain (svm_cache_reg -> load_pdptrs -> kvm_vcpu_read_guest_page -> kvm_vcpu_...
SUSE CVE-2026-31669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
CVE-2026-31657
In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadvblaaddclaim can replace claim-backbonegw and drop the old gateway's last reference while readers still follow the pointer. The netlink claim dump path dereferences...
CVE-2026-31657
In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadvblaaddclaim can replace claim-backbonegw and drop the old gateway's last reference while readers still follow the pointer. The netlink claim dump path dereferences...
PT-2026-35009
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the batman-adv module, the function batadv bla add claim can replace claim-backbone gw and drop the last reference of the old gateway while readers are still following the pointer. Th...
EUVD-2026-25219
In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro-uniq use-after-free in rawrcv rawrelease unregisters raw CAN receive filters via canrxunregister, but receiver deletion is deferred with callrcu. This leaves a window where rawrcv may still be running in an RCU...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the reuse of a freed resource after the release of the ro-uniq operation in rawrcv. This could le...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005422)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005422 advisory. In the Linux kernel, the following vulnerability has been resolved: ima: Avoid blocking in RCU read-side critical section A panic happens in imamatchpolicy: BUG:...
PT-2025-53069
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the rtw88 wifi driver related to rate updates. The ieee80211 ops::sta rc update function must be atomic to prevent a context switch within an RCU...
PT-2025-51637
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A regression was introduced in the Linux kernel due to a commit 995412e23bb2 related to SCSI core functionality and tag iterators. This regression is triggered by the scsi host busy...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-381573)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-381573 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-389312)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-389312 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix dfs radar event locking The ath11k active pdevs are protected by RCU but the DF...
EUVD-2024-53302
Malicious code in bioql PyPI...