4597 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Fixed a race condition in hcicmdsyncclear. There is a potential race condition in hcicmdsyncwork and hcicmdsyncclear, which could lead to use-after-free issues. For example, hcicmdsyncwork is added to the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: If hcicmdsyncqueueonce returns -EEXIST, it indicates that a queue item already exists. hcicmdsyncqueueonce needs to indicate whether a queue item was added, so that the caller can know if callbacks are...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fixed a possible null-pointer dereference due to a data race in sndhdacregmapsync. The variable codec-regmap is often protected by the codec-regmaplock when accessed. However, it is accessed without holding the lock wh...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: fixed a crash in setmeshsync and setmeshcomplete. There is a bug: KASAN: a stack-out-of-bounds issue in setmeshsync, caused by memcpy from a poorly declared on-stack flexible array. Another crash occurs in...
Astra Linux - уязвимость в containerd
Containerd is an open-source container runtime. A bug was discovered in the CRI implementation of Containerd, where programs within a container can cause the Containerd daemon to consume memory indefinitely during the invocation of the ExecSync API. This can result in Containerd consuming all...
Astra Linux - уязвимость в linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: md/raid10: Fixed the null-ptr-deref in raid10syncrequest. initresync now initializes the mempool and sets conf-havereplacemnt to true at the beginning of the sync process. closesync frees the mempool when the sync is completed...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: fixed a memory leak in hciupdateadvdata. When hcicmdsyncqueue fails in hciupdateadvdata, the instptr is not freed, which can lead to a memory leak. To address this issue, ERRPTR/PTRERR was used instead of...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use deltimersync instead of deltimer in the fw reset flow of the halting poll. Replace deltimer with deltimersync in the fw reset polling activation flow. This prevents a race condition that occurs when deltimer is call...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: tipc: Fixed a use-after-free condition in tipcnamedreinit. syzbot identified the following issue: BUG: KASAN: Use-after-free in tipcnamedreinit+0x94f/0x9b0 net/tipc/namedistr.c:413 A 8-byte read at address ffff88805299a000 was...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fixed a null pointer dereference in btintelreadversion. If hcicmdsyncComplete is triggered and skb is NULL, then hdev-reqskb will also be NULL, which will cause this issue...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciqca: Use deltimersync before freeing the timer. While reviewing a crash report regarding a corrupted timer list, which typically occurs when a timer is freed while still active, this issue is commonly triggered by...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fixed the user fence leak when allocation failed. When dmafencechainalloc fails, properly releasing the reference to the user fence prevents a memory leak. Selected from the commit...
Astra Linux - уязвимость в ntfs-3g
A properly crafted NTFS image can lead to a out-of-bounds access in ntfs inode syncstandardinformation in NTFS-3G 2021.8.22...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Use RCU for hciconnparams and iterate safely in hcisync. hciupdateacceptlistsync iterates over hdev-pendleconns and hdev-pendlereports, and waits for controller events in the loop body, without holding the hdev lock...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021562)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021562 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021563)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021563 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg When executing SMP task failed, the...
Linux Distros Unpatched Vulnerability : CVE-2026-43322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace...
xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...
MAL-2026-4518 Malicious code in cheaty-sync-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b192c71c59ccca1d9cc720372bd29f39eae8b5da4d572cd1e8312d6b57d6b4 cheaty-sync-bot ships a clipboard-sync CLI that hardcodes a single Telegram bot token index.js:10 owned by the package author. There is no...
PT-2026-41891
A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...