1773 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: Fixed rcutasks stall in threaded busypoll I was debugging a NIC driver when I noticed that when I enabled threaded busypoll, bpftrace hung during startup. The output from dmesg was as follows: rcutaskswaitgp: rcutasks grace...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: BPF: Fixed a deadlock between rcutasks Trace and eventmutex. Fixed the following deadlock: CPU A freeevent perfkprobedestroy mutexlock&eventmutex perfTraceEventUnreg synchronizercuTasksTrace There are several paths where...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: um: initcputasks earlier. This issue is currently addressed in umlfinishsetup. However, for example, when KCOV is enabled, this can still cause crashes, as some initialization code may call functions like memparse, which have...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: “sched/fair: Make sure to try to detach at least one movable task” has been reverted. This reversion is associated with the commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. The patch b0defa7ae03ec changed the load balancing logic...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt7921s – Fixed the issue where potentially hung tasks might occur during chip recovery. During chip recovery e.g., chip reset, there is a possibility that the kernel worker resetwork holds a lock and waits for the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Reworked the handling of long task execution when adding/ deleting entries. When adding or deleting a large number of elements in one step using ipset, it may take considerable time, and soft lockup errors can...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Media: imon: Make sendpacket more robust syzbot reports that imon has three problems that result in hung tasks due to continuously holding the device lock 1. The first problem is that when usbrxcallbackintf0 encounters an...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Block: Fix for a race condition between wbtenabledefault and IO submission. When wbtenabledefault is executed outside of the queue freezing mechanism in elevatorchange, it can cause the wbt inflight counter to become negative -1,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fixed an issue where the non-existent percpu rtpcp variable was accessed in rcutasksneedgpcb. For kernels built with CONFIGFORCENRCPUS=y, nrcpuids is defined as NRCPUS instead of the number of possible CPUs. This can...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring: fail cancellation for EXITING tasks WARNING: CPU: 1 PID: 20 at fs/iouring.c:6269 iotrycanceluserdata+0x3c5/0x640 fs/iouring.c:6269 CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.16.0-rc1-syzkaller 0 Workqueue: events...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, and Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fixed NULL pointer access issues. This patch ensures that the UCSI driver waits for all pending tasks in the ucsidisplayportwork workqueue to complete execution before proceeding with the partner...
Be Kind, Rewrite: Benign Projections Via Rewriting Defend against LLM Data Poisoning Attacks
Large language models LLMs are highly susceptible to backdoor attacks BAs, wherein training samples are poisoned using trigger-based harmful content. Furthermore, existing defenses have proven ineffective when extensively tested across BA patterns. To better combat BAs, we explore the use of LLM...
ALSA-2026:A009 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-46300 kernel: ptrace: require CAPSYSPTRACE when task has no mm CVE-2026-46333 For more details about the...
CVE-2026-45399
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...
EUVD-2026-30608
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...
CVE-2026-45399 Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...
CVE-2026-45399 Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...
CVE-2026-45399
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...
CVE-2026-45399
Open WebUI CVE-2026-45399 describes a broken authorization gap in multi-user deployments: before release 0.9.0, authenticated, low-privilege users could enumerate and stop global background tasks via GET /api/tasks and POST /api/tasks/stop/{task_id}, impacting integrity and availability across us...
CVE-2026-46333
In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'getdumpable' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an...