Lucene search
K

5 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: kcm: Annotated race condition around kcm-rxwait has been addressed. kcm-rxpsock can be accessed without a read lock in kcmrfree. The read and write operations should be annotated accordingly. syzbot reported: BUG: KCSAN: A dat...

5.5CVSS5.9AI score0.00145EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/29 7:5 p.m.14 views

unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race

Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...

5.8CVSS5.8AI score0.0013EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990766)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990766 advisory. In the Linux kernel, the following vulnerability has been resolved: kcm: close race conditions on skreceivequeue sk-skreceivequeue is protected by skb queue lock, bu...

4.7CVSS6.2AI score0.00133EPSS
Exploits0References4
CVE
CVE
added 2025/08/16 11:12 a.m.49 views

CVE-2025-38524

The CVE-2025-38524 issue concerns a race in Linux kernel RXRPC: when a call on a socket receives events, the call may be dequeued by two threads, potentially causing a release/decoupling that leaves a stale RXRPC_USER_CALL_ID. The fix dequeues the call and ignores it if it is already released, pr...

4.7CVSS6.5AI score0.00104EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/08/16 11:12 a.m.9 views

CVE-2025-38524 rxrpc: Fix recv-recv race of completed call

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...

0.00104EPSS
Exploits0References4
Rows per page
Query Builder