Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/writeback: Skip mappings with AS_NO_DATA_INTEGRITY in wait_sb_inodes. In the while loop of wait_sb_inodes, it is documented that we must wait for all pages under writeback to ensure data integrity. Consequently, if a mapping, such as...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ptp: ocp: fixed use-after-free bugs caused by ptp_ocp_watchdog. The ptp_ocp_detach function only shuts down the watchdog timer if it is pending. However, if the timer handler is already running, timer_delete_sync is not called. This...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl8xxxu: Added cancel_work_sync for c2hcmd_work. The workqueue may still be running when the driver is stopped. To avoid a use-after-free, call cancel_work_sync in rtl8xxxu_stop...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: i2c: pnx: Fixed a potential deadlock warning from the del_timer_sync call in isr. When del_timer_sync is called in an interrupt context, a warning is thrown due to a potential deadlock. The timer is only used to exit from...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Media: BTTV – Fixed an issue where a use-after-free error occurred due to the btv->timeout timer. There may be a race condition between the bttv_irq_timeout timer function and bttv_remove. The timer is set up in the probe phase, and...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: Fixed a slab-use-after-free read in set_powered_sync. This fix resolves the following crash: BUG: KASAN: Slab-use-after-free in set_powered_sync+0x3a/0xc0, net/bluetooth/mgmt.c:1353. A read of size 8 at address...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fixed a null pointer dereference in btintel_read_version. If hci_cmd_sync_complete is triggered and skb is NULL, then hdev->req_skb will also be NULL, which will cause this issue...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: NFS: Automounted file systems should inherit the “ro”, “noexec”, “nodev”, and “sync” flags. When a file system is automatically mounted, it needs to preserve the user-set superblock mount options, such as the “ro” flag...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: legitimize_mnt. The check for MNT_SYNC_UMOUNT should be performed under mount_lock. … Otherwise, we risk stealing the final mntput from sync umount. This occurs after umount2 verifies that the victim is not busy, but before it sets...
CVE-2026-7627 8nite metatrader-4-mcp sync_ea_from_file index.ts CallToolRequestSchema path traversal
A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. Such manipulation of the argument ea_name leads to path traversal. The attack can be launched remotely...
SUSE CVE-2026-31713
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init. When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem creation will hang. The reason is that while all other threads will...
PT-2026-36605
A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. Such manipulation of the argument ea_name leads to path traversal. The attack can be launched...
Linux Distros Unpatched Vulnerability : CVE-2026-43019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync. hci_conn lookup and field access must be covered by hdev lock in set_cig_params_sync, otherwise it's...
Linux Distros Unpatched Vulnerability : CVE-2026-31713
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fuse: abort on fatal signal during sync init. When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem...
CVE-2026-31739
A flaw was found in the Linux kernel's tegra crypto driver. The driver failed to correctly set a flag for its asynchronous cryptographic algorithms. This oversight could lead to the crypto API selecting asynchronous algorithms when a user specifically requests synchronous ones. Consequently, this...
CVE-2026-31713
A flaw was found in the Linux kernel's Filesystem in Userspace (FUSE) component. When using synchronous initialization (sync init), if the FUSE server exits unexpectedly while processing the FUSE_INIT request, the filesystem creation process can hang. This issue occurs because the mounting thread keep...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unserialize function in the sync-invoke client when processing data received from a server response. An attacker can execute arbitrary code by sending crafted serialized data from a malicious...
CVE-2026-43019
A flaw was found in the Linux kernel's Bluetooth component. Improper synchronization in the set_cig_params_sync function can lead to a use-after-free (UAF) vulnerability. This issue arises when hci_conn objects are accessed without proper locking, allowing them to be freed concurrently. An attacker cou...
CVE-2026-43021
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails. When hci_cmd_sync_queue_once returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...