Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A out-of-bounds write vulnerability exists in the Linux kernel’s net/sched:schqfq component. This vulnerability can be exploited to achieve local privilege escalation. The qfqchangeagg function in net/sched/schqfq.c allows for an out-of-bounds write, as lmax is updated based on packet sizes witho...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix race condition on qfqaggregate A race condition can occur when 'agg' is modified in qfqchangeagg called during qfqenqueue while other threads access it concurrently. For example, qfqdumpclass may trigger a...

CVE-2026-22999

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: do not free existing class in qfqchangeclass Fixes qfqchangeclass error case. cl-qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF...

SUSE CVE-2026-22976

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

CVE-2026-22976 net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

CVE-2025-40083

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix null-deref in aggdequeue To prevent a potential crash in aggdequeue net/sched/schqfq.c when cl-qdisc-ops-peekcl-qdisc returns NULL, we check the return value before using it, similar to the existing approac...

Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-15050055116 fixes one issue. The following security issue was fixed: CVE-2025-38477: net/sched: schqfq: Fix race condition on qfqaggregate bsc1247315. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

SUSE SLES15 Security Update : kernel RT (Live Patch 13 for SLE 15 SP6) (SUSE-SU-2025:03473-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:03473-1 advisory. This update for the Linux Kernel 6.4.0-1506001044 fixes one issue. The following security issue was fixed: - CVE-2025-38477: net/sched: schqfq: Fix ra...

Security update for kernel-livepatch-MICRO-6-0_Update_9

This update for kernel-livepatch-MICRO-6-0Update9 fixes the following issues: CVE-2025-38477: net/sched: schqfq: Fix race condition on qfqaggregate bsc1247315 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for kernel-livepatch-MICRO-6-0_Update_9

This update for kernel-livepatch-MICRO-6-0Update9 fixes the following issues: CVE-2025-38477: net/sched: schqfq: Fix race condition on qfqaggregate bsc1247315 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:20812-1 Security update for kernel-livepatch-MICRO-6-0_Update_9

This update for kernel-livepatch-MICRO-6-0Update9 fixes the following issues: - CVE-2025-38477: net/sched: schqfq: Fix race condition on qfqaggregate bsc1247315...

EUVD-2023-54757

Malicious code in bioql PyPI...

K000140864: Linux kernel vulnerability CVE-2023-4921

Security Advisory Description A use-after-free vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfqdequeue due to the...

Oracle Linux 6 : kernel (ELSA-2024-1831)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1831 advisory. - net/sched: schqfq: account for stab overhead in qfqenqueue CVE-2023-3611 Orabug: 36517546 - net/sched: clsfw: Fix improper refcount update leads to...

kernel: use-after-free in sch_qfq network scheduler

A use-after-free flaw was found in qfqdequeue and aggdequeue in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This issue may allow a local user to crash the system or escalate their privileges on the system...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security...

SUSE SLES15 Security Update : kernel (Live Patch 5 for SLE 15 SP5) (SUSE-SU-2024:0685-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0685-1 advisory. - A use-after-free vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local privilege escalation. When...

SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 41 for SLE 12 SP5) (SUSE-SU-2024:0655-1)

The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0655-1 advisory. - A race condition was found in the QXL driver in the Linux kernel. The qxlmodedumbcreate function dereferences the qobj returned by t...

SUSE SLES15 Security Update : kernel RT (Live Patch 5 for SLE 15 SP5) (SUSE-SU-2024:0624-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0624-1 advisory. - A use-after-free vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local privilege escalation. When...