Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btusb: mediatek – Fixed a kernel crash that occurred when releasing the mtk iso interface. When performing reset tests and encountering abnormal card drop issues that lead to a kernel crash, it is necessary to perfo...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fixed a crash in nfsd4readrelease. When tracing is enabled, the tracenfsdreaddone trace point crashes during the pynfs read.testNoFh test...

CVE-2022-50819 udmabuf: Set ubuf->sg = NULL if the creation of sg table fails

In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set ubuf-sg = NULL if the creation of sg table fails When userspace tries to map the dmabuf and if for some reason e.g. OOM the creation of the sg table fails, ubuf-sg needs to be set to NULL. Otherwise, when the userspa...

NanoMQ 资源管理错误漏洞

NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open-sourced by EMQ USA. A resource management error vulnerability exists in NanoMQ versions prior to 0.24.2, which stems from a data contention issue with the subscription information list that could lead to a reuse crash after...

EUVD-2025-201621

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix crash in nfsd4readrelease When tracing is enabled, the tracenfsdreaddone trace point crashes during the pynfs read.testNoFh test...

CVE-2025-40324 NFSD: Fix crash in nfsd4_read_release()

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix crash in nfsd4readrelease When tracing is enabled, the tracenfsdreaddone trace point crashes during the pynfs read.testNoFh test...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990922)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990922 advisory. In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989743)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989743 advisory. In the Linux kernel, the following vulnerability has been resolved: um: net: Do not use drvdata in release The drvdata is not available in release. Let's just use...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990265)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990265 advisory. In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release The drvdata is not available in release. Let's just use...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990256)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990256 advisory. In the Linux kernel, the following vulnerability has been resolved: um: net: Do not use drvdata in release The drvdata is not available in release. Let's just use...

CVE-2022-50473 cpufreq: Init completion before kobject_init_and_add()

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobjectinitandadd In cpufreqpolicyalloc, it will call uninitialed completion in cpufreqsysfsrelease when kobjectinitandadd fails. And that will cause a crash such as the following page fault in...

CVE-2022-50473

CVE-2022-50473 affects the Linux kernel cpufreq subsystem. The root cause is calling an uninitialized completion in cpufreq_sysfs_release() when kobject_init_and_add() fails, occurring in cpufreq_policy_alloc(). This can lead to a crash (page fault) on a local system via complete+0x98, with Call ...

PT-2025-40660

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the cpufreq subsystem. Specifically, in cpufreq policy alloc, an uninitialized completion is called within cpufreq sysfs release when kobject...

CVE-2024-53183

In the Linux kernel, the following vulnerability has been resolved: um: net: Do not use drvdata in release The drvdata is not available in release. Let's just use containerof to get the umlnet instance. Otherwise, removing a network device will result in a crash: RIP:...

DEBIAN-CVE-2024-53181

In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use containerof to get the vectordevice instance. Otherwise, removing a vector device will result in a crash: RIP:...

UBUNTU-CVE-2024-53181

In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use containerof to get the vectordevice instance. Otherwise, removing a vector device will result in a crash: RIP:...

CVE-2024-53181 um: vector: Do not use drvdata in release

In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use containerof to get the vectordevice instance. Otherwise, removing a vector device will result in a crash: RIP:...

Mozilla: Use-after-free of ChannelEventQueue::mOwner

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...

Mozilla: Crash in TransportSecurityInfo due to cached data

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

UBUNTU-CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...