
28 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 2 views

Astra Linux - vulnerability in linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: can:bcm:bcmtxsetup: fixed the KMSAN uninit-value issue in vfswrite. Syzkaller reported the following issues: ===================================================== BUG: KMSAN: uninit-value in aiorwdone, file fs/aio.c:1520 inlin...

5.5 CVSS · 5.9 AI score · 0.00017 EPSS
Exploits 0 · References 2

Microsoft CVE
added 2026/04/14 8:2 a.m. · 1 views

ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()

...

7 CVSS · 6.2 AI score · 0.00015 EPSS
Exploits 0

RedhatCVE
added 2026/02/18 1:40 a.m. · 5 views

CVE-2026-26736

TOTOLINK A3002RUV3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the staticipv6 parameter in the formIpv6Setup function...

8.8 CVSS · 6 AI score · 0.00193 EPSS
Exploits 1 · References 1

Positive Technologies
added 2026/02/17 12:0 a.m. · 2 views

PT-2026-20359

Name of the Vulnerable Software and Affected Versions TOTOLINK A3002RU V3 version 3.0.0-B20220304.1804 Description The TOTOLINK A3002RU V3 router firmware contains a stack-based buffer overflow. The issue is located in the formIpv6Setup function through the static ipv6 parameter. Recommendations ...

8.8 CVSS · 6.1 AI score · 0.00193 EPSS
Exploits 1 · References 10

EUVD
added 2026/02/08 6:32 p.m. · 3 views

EUVD-2026-5775

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420618 of the file /goform/setupnp. This manipulation of the argument upnpenable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to...

8.6 CVSS · 5.3 AI score · 0.00653 EPSS
Exploits 1 · References 5

EUVD
added 2025/12/16 6:31 p.m. · 1 views

EUVD-2025-203782

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Avoid btusbmtkclaimisointf NULL deref In btusbmtksetup, we set btmtkdata-isopktintf to: usbifnumtoifdata-udev, MTKISOIFNUM That function can return NULL in some cases. Even when it returns NULL, though...

6.1 AI score · 0.00024 EPSS
Exploits 0 · References 4

CVE
added 2025/10/23 12:0 a.m. · 8 views

CVE-2025-50950

CVE-2025-50950 affects the Audiofile library (v0.3.7) with a NULL pointer dereference in ModuleState::setup. The issue is confirmed by multiple advisories (Red Hat RHSA-2025:23457, Amazon ALAS2-2025-3087, EU/NVD entries) and assigns a CVSS v3.1 base score of 7.5 (High) with network attack vector,...

7.5 CVSS · 6.9 AI score · 0.00086 EPSS
Exploits 1 · References 1 · Affected Software 1

RedhatCVE
added 2025/08/30 6:18 p.m. · 1 views

CVE-2025-9527

A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects the function QoSSetup of the file /goform/QoSSetup. Performing manipulation of the argument ackpolicy results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be...

9 CVSS · 9 AI score · 0.00557 EPSS
Exploits 1 · References 1

CVE
added 2025/08/22 12:0 a.m. · 16 views

CVE-2025-55599

The vulnerability CVE-2025-55599 affects D-Link DIR-619L firmware 2.06B01. It is a buffer overflow in the formWlanSetup function triggered by the f_wds_wepKey input, due to inadequate length validation. Reported CVSS vectors indicate high to critical impact (C/H/I/A) with network attack vector an...

9.8 CVSS · 7.1 AI score · 0.00428 EPSS
Exploits 1 · References 1 · Affected Software 1

Microsoft CVE
added 2025/07/11 7:0 a.m. · 1 views

scsi: st: Fix array overflow in st_setup()

...

5.5 CVSS · 7.6 AI score · 0.00049 EPSS
Exploits 0

SUSE CVE
added 2025/05/10 2:52 a.m. · 1 views

SUSE CVE-2025-37857

In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fix array overflow in st_setup(). Change the array size to follow parms size instead of a fixed value...

5.5 CVSS · 6.7 AI score · 0.00049 EPSS
Exploits 0 · References 3

OSV
added 2025/04/16 2:12 p.m. · 3 views

CVE-2025-22067 spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()

In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock(). If requestedclk 128, cdns_mrvl_xspi_setup_clock() iterates over the entire cdnsmrvlxspiclkdivlist array without breaking out early, causing 'i' to go beyond the arr...

7.8 CVSS · 6.9 AI score · 0.00273 EPSS
Exploits 0 · References 7

Positive Technologies
added 2025/04/16 12:0 a.m. · 1 views

PT-2025-16707 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically an out-of-bounds array access in the cdns mrvl xspi setup clock function. This issue occurs when requested clk is...

7.8 CVSS · 7.3 AI score · 0.00344 EPSS
Exploits 0 · References 689

Positive Technologies
added 2025/03/18 12:0 a.m. · 0 views

PT-2025-20508

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically an array overflow in the st setup function. The issue was addressed by changing the array size to follow the parms siz...

5.5 CVSS · 6.8 AI score · 0.00049 EPSS
Exploits 0

OSV
added 2025/02/26 7:1 a.m. · 2 views

DEBIAN-CVE-2022-49681

In the Linux kernel, the following vulnerability has been resolved: xtensa: xtfpga: Fix refcount leak bug in setup In machinesetup, offindcompatiblenode will return a node pointer with refcount incremented. We should use ofnodeput when it is not used anymore...

5.5 CVSS · 5.3 AI score · 0.00087 EPSS
Exploits 0 · References 1

Debian CVE
added 2024/05/21 3:31 p.m. · 22 views

CVE-2023-52784

In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bondsetupbyslave Commit 9eed321cde22 "net: lapbether: only support ethernet devices" has been able to keep syzbot away from net/lapb, until today. In the following splat 1, the issue is that a lapbethe...

5.5 CVSS · 6.6 AI score · 0.00007 EPSS
Exploits 0

OSV
added 2024/05/17 3:15 p.m. · 0 views

UBUNTU-CVE-2024-35850

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a...

5.5 CVSS · 6.1 AI score · 0.00033 EPSS
Exploits 0 · References 11

OSV
added 2023/01/31 5:15 a.m. · 13 views

CVE-2022-21129

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

Code423n4
added 2022/08/03 12:0 a.m. · 13 views

Unprotested _setup function in XERC20Wrapper via Upgradable Contract

Lines of code Vulnerability details Impact If a caller calls the setup function and the address within the IMPLEMENTATIONSLOT does not equal zero, the function will call setup. The setup function changes the ownership of the contract. Proof of Concept The Upgradable contract has a setup function...

6.8 AI score
Exploits 0

Code423n4
added 2022/07/30 12:0 a.m. · 12 views

Change Admin and Opertorship address through setup function in AxelarGateway

Lines of code Vulnerability details Impact Anyone can set the Admin address and transferOperatorShip to a new address. Proof of Concept A Simple call to the setup function. That will call setAdmins of Axelar Multisig Base contract. Recommended Mitigation Steps Can Add access control on setup...

6.9 AI score
Exploits 0