155 matches found
CVE-2026-46162 ice: fix double free in ice_sf_eth_activate() error path
In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in ice_sf_eth_activate() error path When auxiliary_device_add() fails, ice_sf_eth_activate() jumps to aux_dev_uninit and calls auxiliary_device_uninit(&sf_dev->adev). The device release callback ice_sf_dev_release() frees sf_dev, but th...
CVE-2026-46162
CVE-2026-46162 relates to the auxiliary device path in the Linux kernel ice driver's ice_sf_eth_activate(). When auxiliary_device_add() fails, the error path falls through to sf_dev_free and ends up calling kfree(sf_dev) a second time, causing a double free. The fix keeps kfree(sf_dev) f...
PT-2026-44285
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 7.0.11-1.1. Description: A double free issue exists in the Linux kernel within the ice_sf_eth_activate function. When auxiliary_device_add fails, the execution jumps to aux_dev_uninit and calls auxiliary device...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: sf-pdma – Added multithreading support for DMA channels. When a DMA channel is obtained and tried to be used across multiple threads, it can lead to errors and cause the system to hang. The following commands can be...
Astra Linux - vulnerability in linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: sf-pdma: pdma_desc memory leak fix The commit b2cc5c465c2c “dmaengine: sf-pdma: Add multithread support for a DMA channel” changed sf_pdma_prep_dma_memcpy to automatically allocate a new sf_pdma_desc each time it is called...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: SCTP: Proper validation of chunk size in sctp_sf_ootb was added. A size validation fix, similar to that in Commit 50619dbf8db7 “SCTP: Add size validation when processing chunks”, is also required in sctp_sf_ootb to address a crash...
Malicious code in sf-vmeval-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a8fa27c8dc6bf13a4f5d92f14414a4f5efc08c1df7f33591a010b4f824e84bc1 During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...
Malicious code in sf-th-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3a4508be29963ffe0a2d8b245449cf80873bdd6037c226e94ff99d9937566c7d During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...
MAL-2026-3135 Malicious code in sf-th-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3a4508be29963ffe0a2d8b245449cf80873bdd6037c226e94ff99d9937566c7d During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...
CVE-2026-26029
CVE-2026-26029 affects the sf-mcp-server component (Salesforce MCP server for Claude for Desktop). The issue arises from unsafe use of child_process.exec when forming Salesforce CLI commands with user-controlled input, enabling a potential command injection. Successful exploitation could execute ...
CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
sf-mcp-server operating system command injection vulnerability
sf-mcp-server is a context-based protocol server developed by Anton Kutishevsky. sf-mcp-server has an operating system command injection vulnerability. This vulnerability arises from unsafe operations when using child_process.exec to handle user input, which may lead to command injection attacks...
PT-2026-7725
Name of the Vulnerable Software and Affected Versions: sf-mcp-server, affected versions not specified. Description: A command injection issue exists in sf-mcp-server, an implementation of Salesforce MCP server for Claude for Desktop. The issue is due to the unsafe use of the child_process.exec functi...
ETERNUS SF vulnerable to insertion of sensitive information into maintenance data
Overview ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability. Insertion of sensitive information into maintenance data CWE-532 - CVE-2025-68919 Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993149)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993149 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: Add multithread support for a DMA channel When we get a DMA channel and try t...
CVE-2023-54020
In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdma_desc memory leak fix Commit b2cc5c465c2c "dmaengine: sf-pdma: Add multithread support for a DMA channel" changed sf_pdma_prep_dma_memcpy to unconditionally allocate a new sf_pdma_desc each time it is called. The...
SUSE CVE-2023-54020
In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdma_desc memory leak fix Commit b2cc5c465c2c "dmaengine: sf-pdma: Add multithread support for a DMA channel" changed sf_pdma_prep_dma_memcpy to unconditionally allocate a new sf_pdma_desc each time it is called. The...
CVE-2025-68919
CVE-2025-68919 affects Fujitsu Fsas Technologies ETERNUS SF ACM/SC/Express (DX/AF Management Software). The issue arises because maintenance data collected by the system can be accessed by a non-admin principal, potentially exposing data and impacting confidentiality (C), with limited integrity/a...
CVE-2023-54020
In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdma_desc memory leak fix Commit b2cc5c465c2c "dmaengine: sf-pdma: Add multithread support for a DMA channel" changed sf_pdma_prep_dma_memcpy to unconditionally allocate a new sf_pdma_desc each time it is called. The...
UBUNTU-CVE-2023-54020
In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdma_desc memory leak fix Commit b2cc5c465c2c "dmaengine: sf-pdma: Add multithread support for a DMA channel" changed sf_pdma_prep_dma_memcpy to unconditionally allocate a new sf_pdma_desc each time it is called. The...