Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fixed the use of the pointer offset in errorstateread. This fix addresses the issue where, when there is no i915gpucoredump but the bufoffset is non-zero, a kernel page fault may occur. This issue can occur when...

CVE-2026-44504

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

CVE-2026-44504

CVE-2026-44504 (Aegra) describes a cross-tenant IDOR in Aegra deployments prior to 0.9.7 where an authenticated user with access to another user’s thread_id can: (1) execute runs against that user’s thread via /threads/{thread_id}/runs (and related endpoints), (2) read the other user’s full check...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989719)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989719 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix errorstateread ptr + offset use Fix our pointer offset usage in errorstaterea...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989438)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989438 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix errorstateread ptr + offset use Fix our pointer offset usage in errorstaterea...

SUSE CVE-2022-49723

In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix errorstateread ptr + offset use Fix our pointer offset usage in errorstateread when there is no i915gpucoredump but buf offset is non-zero. This fixes a kernel page fault can happen when multiple tests are...

DEBIAN-CVE-2022-49723

In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix errorstateread ptr + offset use Fix our pointer offset usage in errorstateread when there is no i915gpucoredump but buf offset is non-zero. This fixes a kernel page fault can happen when multiple tests are...

UBUNTU-CVE-2022-49723

In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix errorstateread ptr + offset use Fix our pointer offset usage in errorstateread when there is no i915gpucoredump but buf offset is non-zero. This fixes a kernel page fault can happen when multiple tests are...

CVE-2022-49723

The CVE-2022-49723 issue affects the Linux kernel’s i915 DRM reset path. The root cause is incorrect pointer offset handling in error_state_read when there is no i915_gpu_coredump but a non-zero buffer offset, which could lead to a kernel page fault under concurrent engine resets and error_state ...

CVE-2022-49723 drm/i915/reset: Fix error_state_read ptr + offset use

In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix errorstateread ptr + offset use Fix our pointer offset usage in errorstateread when there is no i915gpucoredump but buf offset is non-zero. This fixes a kernel page fault can happen when multiple tests are...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the errorstateread function of the drm/i915/reset module that uses a null pointer at a non-zero offset...

kernel: drm/i915/reset: Fix error_state_read ptr + offset use

In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix errorstateread ptr + offset use Fix our pointer offset usage in errorstateread when there is no i915gpucoredump but buf offset is non-zero. This fixes a kernel page fault can happen when multiple tests are...

lighttpd 安全漏洞

lighttpd is an open source web server developed by Jan Kneschke in Germany. A security vulnerability exists in lighttpd that originates from a denial-of-service attack that can be triggered via CLOSEWAIT / CONSTATEREADPOST...