Astra Linux - уязвимость в node-marked

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def might cause catastrophic backtracking against certain strings, leading to a regular expression denial of service ReDoS attack. Any user who runs untrusted markdown using a vulnerable version of...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nfsd: Cancel nfsdshrinkerwork using sync mode in nfs4stateshutdownnet. In the normal case, when we execute echo 0 /proc/fs/nfsd/threads, the function nfs4statedestroynet in nfs4stateshutdownnet will release all resources related ...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: RISCV: Process: Fix kernel information leakage The s12 element of the threadstruct may contain random kernel memory contents, which could potentially be leaked to the user space. This is a security flaw. To address this issue,...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fixed a deadlock in r5lexitlog. The commit b13015af94cf “md/raid5-cache: Clear conf-log after finishing work” introduced a new problem: // The caller holds reconfigmutex r5lexitlog flushwork&log-disablewritebackwo...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: md/raid1: Stop the mdxraid1 thread when the raid1 array fails to run. When the raid1 array fails to run, we need to call mdunregisterthread before raid1free. However, the mdxraid1 thread continues to operate, even though the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: Added a check for a failure in kcalloc in parsethreadgroups. Since kcalloc may fail, it is necessary to check its return value to prevent a NULL pointer derefrence when passing it to ofpropertyreadu32array...

Astra Linux - уязвимость в mariadb-10.3

MariaDB Server before version 10.7 is vulnerable to Denial of Service attacks. In the file extra/mariabackup/dscompress.cc, when an error occurs pthreadcreate returns a non-zero value during the execution of the createworkerthreads method, the held lock is not released properly. This allows local...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: cifs: Fixed a UAF in cifsdemultiplexthread There is a UAF when performing xfstests on cifs: BUG: KASAN: Use-after-free in smb2isnetworknamedeleted+0x27/0x160 Reading a size 4 value at address ffff88810103fc08 by task cifsd/923...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: pdscore: The pdsccheckpcihealth function was fixed to use a work thread for execution. When the driver detects that fwstatus == 0xff, it attempts to perform a PCI reset on itself using the pciresetfunction function within the...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fixed improper pointer dereferencing when the error handler kthread is invalid The commit 66a834d09293 “scsi: core: Fixed error handling of scsihostalloc” changed the allocation logic to call putdevice to perform host...

Astra Linux - уязвимость в firefox, thunderbird

The concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a “use-after-free” condition, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: The kfreescalethread threads is stopped after unloading the rcuscale module. Running the ‘kfreercutest’ test case results in a fatal error. The root cause is that the kfreescalethread threads continues to run after...

Astra Linux - уязвимость в mariadb-10.3

MariaDB Server before version 10.7 is vulnerable to Denial of Service attacks. In the file extra/mariabackup/dscompress.cc, when an error occurs i.e., transitioning to the err label during the execution of the createworkerthreads method, the held lock thd-ctrlmutex is not released properly. This...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Avoid using sksocket after free when sending messages. The sk-sksocket is not locked or referenced in the backlog thread. During the call to skbsendsock, there is a race condition involving the release of sksocket...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: refscale: Uninitialized use of waitqueueheadt was fixed. Running the refscale test occasionally causes the kernel to crash with the following error: 8569.952896 BUG: Unable to handle a page fault for address: ffffffffffffffe8...

Linux Distros Unpatched Vulnerability : CVE-2026-43392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - schedext: Fix starvation of scxenable under fair-class saturation During scxenable, the READY - ENABLED task switching loop changes the calling thread's...

PT-2026-42135

Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions 1.14.0 through 1.25.0 Description A locking inconsistency occurs when specific conditions are met: the system is multi-threaded, an RPZ Response Policy Zone XFR Zone Transfer reload is performed, and an RPZ zone...

FreeBSD Security Advisory - FreeBSD-SA-26:19.file

FreeBSD Security Advisory - A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021645)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021645 advisory. In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak Fix a race where kthreadstop may prevent the threadfn from eve...

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...