
18 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 1 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed the session state check when reconnecting to avoid a use-after-free issue. Do not collect the exiting session in smb2_reconnect_server; this session will be released soon. Note that the exiting session will remain in...

5.8 AI score · 0.00024 EPSS
Exploits 0 · References 2
Cvelist
added 2026/04/22 1:46 a.m. · 22 views

CVE-2026-41458 OwnTone Server < 29.1 Race Condition DoS via DAAP Login

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent...

8.2 CVSS · 0.00354 EPSS
Exploits 0 · References 3
CVE
added 2026/04/22 1:46 a.m. · 8 views

CVE-2026-41458

OwnTone Server versions 28.4–29.0 are affected by a race condition in the DAAP login handler that allows unauthenticated attackers to crash the server by flooding the /login endpoint due to unsynchronized access to the global DAAP session list. The CVE record indicates a fix in 29.1; upgrade to 2...

8.2 CVSS · 5.8 AI score · 0.00354 EPSS
Exploits 0 · References 3
CNNVD
added 2026/04/22 12:0 a.m. · 3 views

OwnTone race condition vulnerability

OwnTone is an open-source Linux/FreeBSD DAAP (iTunes), MPD (Music Player Daemon), and RSP (Roku) media server developed by OwnTone. Versions 28.4 to 29.0 of OwnTone have a vulnerability related to concurrency issues. This vulnerability stems from the lack of synchronization when accessing the global DA...

8.2 CVSS · 5.9 AI score · 0.00354 EPSS
Exploits 0 · References 1
RedHat Linux
added 2026/01/14 9:53 a.m. · 1 views

kernel: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock

A vulnerability was found in the Linux kernel's Controller Area Network (CAN) protocol, within the J1939 protocol implementation. This issue occurs due to a potential deadlock caused by a race condition involving three locks: j1939_socks_lock, active_session_list_lock, and sk_session_queue_lock. This issue...

5.5 CVSS · 7.2 AI score · 0.00018 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/12/10 4:24 a.m. · 2 views

CVE-2023-53794

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue. Don't collect exiting session in smb2_reconnect_server, because it will be released soon. Note that the exiting session will stay in server->smb_ses_list until i...

4.7 CVSS · 5.9 AI score · 0.00024 EPSS
Exploits 0 · References 4
OSV
added 2025/12/09 1:16 a.m. · 0 views

DEBIAN-CVE-2023-53794

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue. Don't collect exiting session in smb2_reconnect_server, because it will be released soon. Note that the exiting session will stay in server->smb_ses_list until i...

5.3 AI score · 0.00024 EPSS
Exploits 0 · References 1
OSV
added 2025/12/09 12:0 a.m. · 1 views

CVE-2023-53794 cifs: fix session state check in reconnect to avoid use-after-free issue

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue. Don't collect exiting session in smb2_reconnect_server, because it will be released soon. Note that the exiting session will stay in server->smb_ses_list until i...

6.5 AI score · 0.00024 EPSS
Exploits 0 · References 6
Debian CVE
added 2025/12/09 12:0 a.m. · 2 views

CVE-2023-53794

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue. Don't collect exiting session in smb2_reconnect_server, because it will be released soon. Note that the exiting session will stay in server->smb_ses_list until i...

5.2 AI score · 0.00024 EPSS
Exploits 0
Positive Technologies
added 2024/11/26 12:0 a.m. · 3 views

PT-2024-25375 · Sharp +1 · Multiple Mfps

Name of the Vulnerable Software and Affected Versions: No specific software name and version are mentioned in the provided descriptions. Description: The issue concerns the accessibility of certain web pages, specifically "sessionlist.html" and "sys trayentryreboot.html", without requiring...

9.1 CVSS · 7 AI score · 0.62332 EPSS
Exploits 1 · References 10
Tenable Nessus
added 2024/08/09 12:0 a.m. · 4 views

Fedora 39 : xrdp (2024-41c1bf8de6)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-41c1bf8de6 advisory. Release notes for xrdp v0.10.1 (2024/07/31). General announcements: A clipboard bugfix included in this release is sponsored by Krämer Pferdesport GmbH & Co KG. W...

6.1 AI score
Exploits 0 · References 1
Positive Technologies
added 2024/07/26 12:0 a.m. · 5 views

PT-2024-31161

Name of the Vulnerable Software and Affected Versions: Software versions prior to 24.07.12; Software versions 23.01.20 LTS through 23.01.19 LTS; Software versions 23.10.24v13 LTS and earlier; Software versions 24.04.24v5 LTS and earlier. Description: The issue arises in the System → Maintenance tool,...

9.9 CVSS · 5.9 AI score · 0.00114 EPSS
Exploits 0 · References 6
OSV
added 2024/05/19 9:15 a.m. · 1 views

DEBIAN-CVE-2024-35869

In the Linux kernel, the following vulnerability has been resolved: smb: client: guarantee refcounted children from parent session. Avoid potential use-after-free bugs when walking DFS referrals, mounting and performing DFS failover by ensuring that all children from parent @tcon->ses are also...

8.4 CVSS · 5.8 AI score · 0.00015 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/04/02 12:0 a.m. · 3 views

PT-2024-26764

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.37. Description: The issue is related to a potential use-after-free bug in the Linux kernel's SMB client when walking DFS referrals, mounting, and performing DFS failover. This is resolved by ensuring all...

8.4 CVSS · 5.4 AI score · 0.00015 EPSS
Exploits 0
RedhatCVE
added 2024/03/04 7:50 p.m. · 21 views

CVE-2023-52503

In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix use-after-free vulnerability in amdtee_close_session. There is a potential race condition in amdtee_close_session that may cause use-after-free in amdtee_open_session. For instance, if a session has refcount == 1, and o...

6 CVSS · 7.7 AI score · 0.00029 EPSS
Exploits 0 · References 4
SUSE CVE
added 2024/03/01 4:7 a.m. · 1 views

SUSE CVE-2021-47026

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: destroy sysfs after removing session from active list. A session can be removed dynamically by sysfs interface "remove_path" that eventually calls rtrs_clt_remove_path_from_sysfs function. The current...

4.4 CVSS · 7.8 AI score · 0.00031 EPSS
Exploits 0 · References 5
CNNVD
added 2024/02/28 12:0 a.m. · 2 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from allowing sessions to be removed from the active list...

7.8 CVSS · 8.2 AI score · 0.00031 EPSS
Exploits 0 · References 5
OSV
added 2023/02/09 7:15 p.m. · 0 views

CVE-2023-21451

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S12 allows attacker to cause memory corruptions...

7.8 CVSS · 7.1 AI score · 0.00058 EPSS
Exploits 0 · References 1