26 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free. References to i915requests may be trapped by the user space within a syncfile or dmabuf dma-resv, and held indefinitely across different processes. To count...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the btrfssyncfile event. This event involves accessing the super block through dentry, without...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the syncfile. Patchwork: https://patchwork.freedesktop.org/patch/653583/...
CVE-2026-7292
CVE-2026-7292 affects o2oa up to v10.0, in the NodeAgent.py syncFile function, causing improper authorization. The issue can be triggered remotely with high attack complexity; exploit maturity is PROOF-OF-CONCEPT and report confidence is REASONABLE. CVSS details: CVSSv3.1 base 5.6 (NETWORK, HIGH ...
EUVD-2026-26136
A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The...
PT-2026-35812
A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The...
kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free
A use-after-free vulnerability was found in the Linux kernel Intel i915 graphics driver's GuC virtual engine request handling. A local user with access to GPU rendering can create requests on GuC virtual engines and trap references via syncfile or dmabuf, causing fence release operations to acces...
kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free
A use-after-free vulnerability was found in the Linux kernel Intel i915 graphics driver's GuC virtual engine request handling. A local user with access to GPU rendering can create requests on GuC virtual engines and trap references via syncfile or dmabuf, causing fence release operations to acces...
kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free
A use-after-free vulnerability was found in the Linux kernel Intel i915 graphics driver's GuC virtual engine request handling. A local user with access to GPU rendering can create requests on GuC virtual engines and trap references via syncfile or dmabuf, causing fence release operations to acces...
EUVD-2023-60056
Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service,...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988987)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988987 advisory. In the Linux kernel, the following vulnerability has been resolved: dma-buf/syncfile: Don't leak fences on merge failure Each addfence call does a dmafenceget on the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987317)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987317 advisory. In the Linux kernel, the following vulnerability has been resolved: dma-buf/syncfile: Don't leak fences on merge failure Each addfence call does a dmafenceget on the...
UBUNTU-CVE-2023-53552
In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915requests may be trapped by userspace inside a syncfile or dmabuf dma-resv and held indefinitely across different proceses. To counter-act t...
SUSE CVE-2025-38409
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the syncfile. Patchwork: https://patchwork.freedesktop.org/patch/653583/...
DEBIAN-CVE-2025-38409
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the syncfile. Patchwork: https://patchwork.freedesktop.org/patch/653583/...
AZL-65723 CVE-2025-38409 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the syncfile. Patchwork: https://patchwork.freedesktop.org/patch/653583/...
AZL-73031 CVE-2025-38409 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the syncfile. Patchwork: https://patchwork.freedesktop.org/patch/653583/...
UBUNTU-CVE-2025-38409
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the syncfile. Patchwork: https://patchwork.freedesktop.org/patch/653583/...
PT-2025-30809
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak was identified in the drm/msm subsystem of the Linux kernel, specifically within the error handling path for submitting operations. The put unused fd function fails to...
PT-2024-38056 · F Logic · F-Logic Datacube3
Name of the Vulnerable Software and Affected Versions: F-logic DataCube3 version 1.0 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically in the file /admin/config time sync.php. The manipulation of the ntp server argument leads to os command...