130 matches found
PT-2026-43692
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in ni read folio cmpr Syzbot reported a task hung in ni readpage cmpr now ni read folio cmpr. This is caused by a lock inversion deadlock involving the inode mutex ni lock and page locks. Scenario: 1. Task ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cifs: A memory leak was fixed when using fscache. If the condition “index == nextcached” is encountered, a reference count of the struct page is leaked. This issue is fixed by using readaheadfolio, which handles the reference cou...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Fuse: Fix for the deadlock caused by reclaimeduring. The commit e26ee4efbc79 “Fuse: Allocate ff-releaseargs only if release is needed” avoids allocating ff-releaseargs if the server does not implement open. However, in doing so,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm, swap: fixed a potential UAF issue related to VMA readahead. Since commit 78524b05f1a3 “mm, swap: avoiding redundant swap device pinning”, the common helper function for allocating and preparing a swap entry in the swap cache...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fuse: We are returning to using readaheadfolio for readahead. In commit 3eab9d7bc2f4 “fuse: converting readahead to use folio”, the logic was changed to use the new folio version of readahead. This removes the reference to the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: exfat: Fixed the divide-by-zero issue in exfatallocatebitmap. The variable maxracount can be 0 in exfatallocatebitmap. This can cause a divide-by-zero error in the subsequent modulo operation i % maxracount, resulting in a system...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/filemap: Make MAXPAGECACHEORDER acceptable to xarray. Patch series “mm/filemap: Limit page cache size to that supported by xarray”, version 2. Currently, xarray cannot support arbitrary page cache sizes. More details can be...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: zonefs: fixed zonefsiomapbegin for reads. If a readahead operation is issued on a sequential zone file with an offset that exactly equals the current file size, the iomap type is set to IOMAPUNWRITTEN, which will prevent any I/O...
CLSA-2026-1778768341 python: Fix of 4 CVEs
CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...
CLSA-2026-1778769563 python: Fix of 4 CVEs
CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...
python: Fix of 4 CVEs
CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...
CVE-2026-31514 erofs: set fileio bio failed in short read case
In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in short read case For file-backed mount, IO requests are handled by vfsiocbiterread. However, it can be interrupted by SIGKILL, returning the number of bytes actually copied. Unused folios in bio are...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013214)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013214 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Release folio lock on fscache read hit. Under the current code, when cifsreadpageworker is...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006756)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006756 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Release folio lock on fscache read hit. Under the current code, when cifsreadpageworker is...
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50113)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50113 advisory. - sunrpc: fix client side handling of tls alerts Olga Kornievskaia Orabug: 38334981 CVE-2025-38571 - sunrpc: fix handling of server side tls alert...
SUSE CVE-2025-68821
In the Linux kernel, the following vulnerability has been resolved: fuse: fix readahead reclaim deadlock Commit e26ee4efbc79 "fuse: allocate ff-releaseargs only if release is needed" skips allocating ff-releaseargs if the server does not implement open. However in doing so, fusepreparerelease now...
MiracleLinux 7 : kernel-3.10.0-327.10.1.el7 (AXSA:2016-136:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-136:02 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...
CVE-2025-68821
A flaw was found in the Linux kernel's Filesystem in Userspace FUSE subsystem. This vulnerability allows a local attacker to cause a system-wide deadlock. The flaw occurs due to incorrect handling of inode references during readahead operations when the FUSE server does not implement the open...
CVE-2025-68821
In the Linux kernel, the following vulnerability has been resolved: fuse: fix readahead reclaim deadlock Commit e26ee4efbc79 "fuse: allocate ff-releaseargs only if release is needed" skips allocating ff-releaseargs if the server does not implement open. However in doing so, fusepreparerelease now...
CVE-2025-68821
In the Linux kernel, the following vulnerability has been resolved: fuse: fix readahead reclaim deadlock Commit e26ee4efbc79 "fuse: allocate ff-releaseargs only if release is needed" skips allocating ff-releaseargs if the server does not implement open. However in doing so, fusepreparerelease now...