27 matches found
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: tee, amdtee: fixed the use-after-free vulnerability in amdteeclosesession. There is a potential race condition in amdteeclosesession that may cause a use-after-free in amdteeopenSession. For example, if a session has a referen...
Advisory ROSA-SA-2026-3264
Software: kernel 4.18.0 OS: ROSA Virtualization 3.1 unaffected versions = kernel-4.18.0-553.123.1.el810 affected versions lock, allowing a local attacker to cause a denial of service or execute arbitrary code when frequently switching a thread simultaneously with opening/closing a related...
Security Bulletin: IBM MQ Appliance is affected by mulitple open source vulnerabilities (CVE-2026-23193, CVE-2026-23231, CVE-2026-3497)
Summary IBM MQ Appliance has addressed multiple open source vulnerabilities. Vulnerability Details CVEID:CVE-2026-23193 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire...
EUVD-2026-24498
Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...
kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In iscsitdecsessionusagecount, the function calls complete while holding the sess-sessionusagelock. Similar to the connection usage count logic, the waiter...
Vulnerabilities fixed in Citrix Netscaler ADC and Netscaler Gateway
Citrix has fixed vulnerabilities in their software related to insufficient input validation and a race condition in session management. The input validation vulnerability occurs because the software does not correctly check for input sizes or limits, which can lead to memory overreads. This can...
DEBIAN-CVE-2026-32942
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...
EUVD-2025-203771
HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions...
kernel: tee: amdtee: fix race condition in amdtee_open_session
A use-after-free vulnerability was found in the AMD TEE driver in the Linux kernel. The flaw occurs from a race condition in the amdteeopensession function, where the session is marked as active in sess-sessmask before the corresponding sess structure is fully initialized. If a parallel thread...
Linux Distros Unpatched Vulnerability : CVE-2025-32441
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a...
kernel: tee: amdtee: fix race condition in amdtee_open_session
A use-after-free vulnerability was found in the AMD TEE driver in the Linux kernel. The flaw occurs from a race condition in the amdteeopensession function, where the session is marked as active in sess-sessmask before the corresponding sess structure is fully initialized. If a parallel thread...
kernel: tee: amdtee: fix race condition in amdtee_open_session
A use-after-free vulnerability was found in the AMD TEE driver in the Linux kernel. The flaw occurs from a race condition in the amdteeopensession function, where the session is marked as active in sess-sessmask before the corresponding sess structure is fully initialized. If a parallel thread...
Linux Distros Unpatched Vulnerability : CVE-2024-58087
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count...
Security update for rmt-server
This update for rmt-server fixes the following issues: Update to version 2.23 CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack:QueryParser. bsc1242893 CVE-2025-32441: Fixed a bug where simultaneous rack requests can restore a deleted rack session. bsc1242898 Patch Instructions: To install th...
SUSE CVE-2025-37924
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess-user = NULL was introduced to fix the dangling pointer created by ksmbdfreeuser. However, it is possible another thread could be operating on the session and make...
AZL-52917 CVE-2024-49940 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: l2tp: prevent possible tunnel refcount underflow When a session is created, it sets a backpointer to its tunnel. When the session refcount drops to 0, l2tpsessionfree drops the tunnel refcount if session-tunnel is non-NULL...
kernel: tee: amdtee: fix race condition in amdtee_open_session
A use-after-free vulnerability was found in the AMD TEE driver in the Linux kernel. The flaw occurs from a race condition in the amdteeopensession function, where the session is marked as active in sess-sessmask before the corresponding sess structure is fully initialized. If a parallel thread...
Session race condition remote code execution vulnerability
...
Session race condition remote code execution vulnerability
...