53 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: media: iris: Fixed a memory leak by releasing the untracked persist buffer. A internal buffer that is allocated only once per session was not being released during session closure. This was because it wasn’t tracked as part of th...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: A use-after-free issue was fixed in ksmbdsessionrpcopen. A UAF Use-After-Free issue may occur due to a race condition between ksmbdsessionrpcopen and sessionrpcclose. Adding a rpclock to the session can help protect it...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: virtio-crypto: fixed a memory leak in virtiocryptoalgskcipherclosesession The variable 'vcctrlreq' is allocated in virtiocryptoalgskcipherclosesession, and should be freed in the invalid ctrlstatus-status error handling case...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: libceph: fixed a race condition between delayedwork and cephmoncstop The way delayed work is handled in cephmoncstop is prone to races with monfault, and possibly also finishhunting. Both of these can requeue the delayed work,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: smb/server: The function ksmbdsessionrpcclose is called on the error path in the createsmb2pipe function. When the ksmbdiovpinrsp function fails, we should call ksmbdsessionrpcclose...
CVE-2026-40943 Oxia: Server crash via race condition in session heartbeat handling
Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...
CVE-2026-40943
Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...
CVE-2026-34209
The CVE-2026-34209 entry concerns the mppx TypeScript interface for the machine payments protocol. According to connected Red Hat/NVD/NVD-enriched data, the vulnerability lies in the tempo/session cooperative close handler, which validated the close voucher amount using < instead of
CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
GHSA-MV9J-8JVG-J8MR mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
Impact The tempo/session cooperative close handler validated the close voucher amount using instead of = against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing...
CVE-2026-22321 Stack-Based Buffer Overflow in CLI Login Username Handling over CLI
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...
UBUNTU-CVE-2025-71220
In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbdsessionrpcclose on error path in createsmb2pipe When ksmbdiovpinrsp fails, we should call ksmbdsessionrpcclose...
CVE-2025-71220
In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbdsessionrpcclose on error path in createsmb2pipe When ksmbdiovpinrsp fails, we should call ksmbdsessionrpcclose...
webtransport-go: CloseWithError can block indefinitely
Summary An attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream, blocking transmission of the WTCLOSESESSION capsule and causing the close operati...
CVE-2025-68812
In the Linux kernel, the following vulnerability has been resolved: media: iris: Add sanity check for stop streaming Add sanity check in irisvb2stopstreaming. If inst-state is already IRISINSTERROR, we should skip the streamoff operation because it would still send packets to the firmware. In...
CVE-2025-68812 media: iris: Add sanity check for stop streaming
In the Linux kernel, the following vulnerability has been resolved: media: iris: Add sanity check for stop streaming Add sanity check in irisvb2stopstreaming. If inst-state is already IRISINSTERROR, we should skip the streamoff operation because it would still send packets to the firmware. In...
PT-2026-2544
In the Linux kernel, the following vulnerability has been resolved: media: iris: Add sanity check for stop streaming Add sanity check in iris vb2 stop streaming. If inst-state is already IRIS INST ERROR, we should skip the stream off operation because it would still send packets to the firmware. ...
SUSE CVE-2023-54184
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Free cmds before session free Commands from recovery entries are freed after session has been closed. That leads to use-after-free at command free or NPE with such call trace: Time2Retain timer expired for...
Linux Distros Unpatched Vulnerability : CVE-2023-54184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: target: iscsit: Free cmds before session free Commands from recovery entries are freed after session has been closed. That leads to use-after-free at...
EUVD-2023-60457
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Free cmds before session free Commands from recovery entries are freed after session has been closed. That leads to use-after-free at command free or NPE with such call trace: Time2Retain timer expired for...