110 matches found
CVE-2026-52837 Easy!Appointments has unauthenticated customer PII disclosure on booking reschedule page
Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at /index.php/booking/reschedule/appointmenthash handled by Booking::index embeds the entire customer record as inline JavaScript const vars = ... "customerdata": ...,...
CVE-2026-52837
Summary: Easy!Appointments
CVE-2026-53083
A flaw was found in the Linux kernel. A missing condresched in the bpffdarraymapclear loop, specifically when handling BPF Berkeley Packet Filter PROGARRAY maps with numerous entries, can lead to an RCU Read-Copy Update stall. This can result in a Denial of Service DoS under heavy system load, as...
CVE-2026-53083
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix RCU stall in bpffdarraymapclear Add a missing condresched in bpffdarraymapclear loop. For PROGARRAY maps with many entries this loop calls progarraymappokerun per entry which can be expensive, and without yielding this c...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Quota: Fixed a livelock issue between quotactl and freezesuper. When a filesystem is frozen, quotactlblock enters a retry loop, waiting for the filesystem to thaw. It acquires sumount, checks the freeze state, releases sumount, a...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iouring: Check whether we need to reschedule during overflow flushing. In terms of normal application usage, this list will always be empty. If an application does cause an overflow, it will have a few entries in this list...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fixed the lockup issue in dmexceptiontableexit. A lockup was reported when exiting a snapshot with many exceptions. This issue has been fixed by adding “condresched” to the loop that frees the exceptions...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: NFSv4: Fixed an error in pnfsmarkrequestcommit, when performing ODIRECT operations. Fixed an error-prone condition in pnfsmarkrequestcommit, when adding a set of write operations to the commit list in order to reschedule them...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: md/raid10: preventing soft lockup during flush writes Currently, there is no limit for plugged bio in raid1/raid10. While performing flush writes, raid1 uses condresched, whereas raid10 does not. Too many writes can cause a soft...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: dmcrypt: added condresched to dmcryptwrite. The loop in dmcryptwrite may run for an unlimited amount of time; therefore, condresched is needed in it. This commit fixes the following warnings: 3391.153255 C12 watchdog: BUG: sof...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: schedext: The deadlock caused by SCXKICKWAIT was fixed by deferring the wait until the target CPU’s kickSYNC progresses. The busy-waiting mechanism in kickcpusirqworkfn uses smpCondLoadAcquire until the target CPU’s kickSYNC...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handling of actinetdevs allocation failures The kmallocarray function in nfpfllagdowork will return null if physical memory runs out. As a result, if we dereference actinetdevs, null pointer dereferencing bugs may...
CVE-2026-43482
A flaw was found in the Linux kernel's schedext component. If a task is preempted between the scxclaimexit function and the subsequent helper work activation, and the BPF Berkeley Packet Filter scheduler fails to reschedule it, the system can become unresponsive. This can lead to a denial of...
EUVD-2026-28610
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...
EUVD-2026-28562
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasanreleasevmallocnode When CONFIGPAGEOWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...
CVE-2026-43292
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasanreleasevmallocnode When CONFIGPAGEOWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...
CVE-2026-43326
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...
CVE-2026-43326
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...
CVE-2026-43292
The CVE-2026-43292 issue affects the Linux kernel mm/vmalloc path when CONFIG_PAGE_OWNER is enabled. During vmalloc cleanup, freeing KASAN shadow pages can trigger stack unwinding under an RCU read lock, and processing a large purge_list (kasan_release_vmalloc_node) may cause long RCU stalls (10+...
CVE-2026-43292
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasanreleasevmallocnode When CONFIGPAGEOWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...