Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: i2c: qup: failing to exit from the loop in case of timeout. The original logic only sets the return value, but does not exit from the loop if the bus remains active due to a malicious or buggy i2c client. This is unexpected. Such...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: block: nullblk: end timed out poll request When a poll request times out, it is removed from the poll list. However, since the request is not completed, it becomes exposed and never gets a chance to be processed. This issue is...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add a step to move a job to the pending list if the reset operation was skipped. When a CL/CSD job times out, we check whether the GPU has made any progress since the last timeout. If so, instead of resetting the hardwar...

CLSA-2026-1778616298 redis: Fix of 2 CVEs

CVE-2026-23631: use-after-free in readSyncBulkPayload when a full resync happens while a timed-out script is still running on the replica - CVE-2026-25243: heap corruption and out-of-bounds reads in the RESTORE command deserialization path rdb.c, sds.c, zipmap.c...

CVE-2026-6848

A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle...

CVE-2026-6848 Quay: red hat quay: authentication bypass allows privileged actions without valid credentials

A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle...

CVE-2026-6848 Quay: red hat quay: authentication bypass allows privileged actions without valid credentials

A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle...

PT-2026-34319

Name of the Vulnerable Software and Affected Versions Red Hat Quay affected versions not specified Description A flaw exists where the password re-verification prompt for sensitive operations, such as token generation or robot account creation, can be bypassed. This allows a user with a timed-out...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004953)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004953 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37951)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37951 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990496 advisory. In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ibumad, which maintains...

EUVD-2025-25530

Malicious code in bioql PyPI...

CVE-2023-53245 scsi: storvsc: Fix handling of virtual Fibre Channel timeouts

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to connect Fibre Channel LUNs to the host system and present them in a guest VM as a SCSI device. I/O to the vFC device is handled by the...

SUSE CVE-2025-38671

In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c client can hang th...

DEBIAN-CVE-2025-38671

In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c client can hang th...

SUSE CVE-2025-38017

In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 "eventpoll: Set epoll timeout if it's in the future", the following program would immediately enter a busy loop in the kernel: int main int e...

UBUNTU-CVE-2025-38017

In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 "eventpoll: Set epoll timeout if it's in the future", the following program would immediately enter a busy loop in the kernel: int main int e...

DEBIAN-CVE-2025-37951

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the time...

SUSE CVE-2022-49057

In the Linux kernel, the following vulnerability has been resolved: block: nullblk: end timed out poll request When poll request is timed out, it is removed from the poll list, but not completed, so the request is leaked, and never get chance to complete. Fix the issue by ending it in timeout...

PT-2025-5630 · Hashicorp · Yamux

Name of the Vulnerable Software and Affected Versions: github.com/hashicorp/yamux affected versions not specified Description: The issue concerns a potential denial of service due to timed out writes. When the default values for Session.config.KeepAliveInterval and...