CVE-2023-54246 rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle()

In the Linux kernel, the following vulnerability has been resolved: rcuscale: Move rcuscalewriter scheduletimeoutuninterruptible to idle The rcuscale.holdoff module parameter can be used to delay the start of rcuscalewriter kthread. However, the hung-task timeout will trigger when the timeout...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that txlock may cause a task to hang for an extended period of time, potentially resulting in a...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the rcuscale.holdoff parameter when set too large, which can lead to a task blocking timeout...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992382)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992382 advisory. In the Linux kernel, the following vulnerability has been resolved: parisc: led: Fix potential null-ptr-deref in starttask starttask calls createsinglethreadworkqueu...

Unity Linux 20.1060e Security Update: kernel (UTSA-2025-992475)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992475 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATARESET We found a hungtask bug in testaeadveccfg as...

PT-2025-54075

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.4.0-rc1-00134-gb9ed6de8d4ff 7 Description The Linux kernel contains a flaw within the rcuscale functionality. Specifically, the rcuscale.holdoff module parameter can be manipulated to delay the start of the rcu...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992219)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992219 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix task hung in ext4xattrdeleteinode Syzbot reported a hung task problem:...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992580)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992580 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balanc...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992185)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992185 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg When executing SMP task failed, the...

EUVD-2025-205643

A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been...

CVE-2025-15202

A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been...

CVE-2025-15202 SohuTV CacheCloud TaskController.java taskQueueList cross site scripting

A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the function taskQueueList in the file src/main/java/com/sohu/cache/web/controller/TaskController.java...

GHSA-J4P8-H8MH-RH8Q Self-hosted n8n has Legacy Code node that enables arbitrary file read/write

Impact In self-hosted n8n instances where the Code node runs in legacy non-task-runner JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node. This allows a workflow editor to perform actions on the n8n host with...

Self-hosted n8n has Legacy Code node that enables arbitrary file read/write

Impact In self-hosted n8n instances where the Code node runs in legacy non-task-runner JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node. This allows a workflow editor to perform actions on the n8n host with...

GHSA-62R4-HW23-CC8V n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

Impact A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process...

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

Impact A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process...

Airflow externalLogUrl Permission Bypass

1. Summary The externalLogUrl endpoint in Airflow’s FastAPI enforces only the weaker Task Instance access permission TASKINSTANCE instead of the intended Task Logs permission TASKLOGS. As a result, low-privileged users who are not authorized to view task logs can still obtain external log access...

CVE-2023-54028

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the error "trying to register non-static key in rxecleanuptask" In the function rxecreateqp, rxeqpfrominit is called to initialize qp, internally things like rxeinittask are not setup until rxeqpinitreq. If an error...

CVE-2022-50705

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as that might be off soft/hard irq context. Defer the calls to when we process the taskwork for this request. That avoids valid...