Lucene search

3362 matches found

AstraLinux
added 2025/02/11 7:35 a.m. | 3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths. When the HBA is undergoing a reset or is handling an errata event, NULL pointer dereference may cause crashes in routines such as lpfc_sli_flush_io_rings,...

5.5 CVSS | 5.8 AI score | 0.00235 EPSS
Exploits 0 | References 3
AstraLinux
added 2025/02/11 7:35 a.m. | 5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Fixed use-after-free bugs caused by sco_sock_timeout. When the sco connection is established, the sco sock is released. At that time, timeout_work is scheduled to determine whether the sco disconnection is timed out. T...

7.8 CVSS | 6.5 AI score | 0.00757 EPSS
Exploits 1 | References 3
AstraLinux
added 2025/02/11 7:35 a.m. | 2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: sunrpc: Clearing the XPRT_SOCK_UPD_TIMEOUT when resetting the transport. Since the transport-sock has been set to NULL during the reset of the transport, the XPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the...

5.5 CVSS | 6.1 AI score | 0.00225 EPSS
Exploits 0 | References 3
AstraLinux
added 2025/02/11 7:35 a.m. | 3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/lima: The mask for IRQs is set in the timeout path before a hard reset. There is a race condition in which a rendering job may take just long enough to trigger the timeout handler for the DRM sched job, but it still completes...

5.5 CVSS | 6.1 AI score | 0.00219 EPSS
Exploits 0 | References 3
AstraLinux
added 2025/02/11 7:35 a.m. | 1 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: TCP: Avoid transmitting too many retransmitted packets. If a TCP socket uses TCP_USER_TIMEOUT, and the other peer retracts its window to zero, tcp_retransmit_timer may transmit a packet every two milliseconds for HZ=1000, which can...

3.3 CVSS | 6.1 AI score | 0.00229 EPSS
Exploits 0 | References 3
AstraLinux
added 2025/02/11 7:35 a.m. | 3 views

Astra Linux - Vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout. Add a timestamp field at the beginning of the transaction and store it in the nf_tables per-netns area. Update the set backend’s .insert, .deactivate, and sync gc...

7 CVSS | 6.3 AI score | 0.00257 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2025/02/10 12:0 a.m. | 7 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-49963)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49963 advisory. - In the Linux kernel, the following vulnerability has been resolved: mailbox: bcm2835: Fix timeout during...

5.5 CVSS | 6.1 AI score | 0.00257 EPSS
Exploits 0 | References 2
RedhatCVE
added 2025/02/06 3:15 a.m. | 8 views

CVE-2021-35094

Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...

7.8 CVSS | 7.3 AI score | 0.00152 EPSS
Exploits 0 | References 1
OSV
added 2025/02/05 10:15 a.m. | 2 views

DEBIAN-CVE-2023-52924

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk. There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map "1.2.3.4 : jump foo" 2. timeouts are enabl...

5.5 CVSS | 5.4 AI score | 0.00191 EPSS
Exploits 0 | References 1
CVE
added 2025/02/05 9:7 a.m. | 2328 views

CVE-2023-52924

CVE-2023-52924 describes a Linux kernel vulnerability in nf_tables/netfilter where expired elements were wrongly skipped during a set walk, causing use-count inconsistencies and potential WARNs during chain removal. The issue arises in asymmetry between preparation/commit phases when a set elemen...

5.5 CVSS | 7 AI score | 0.00191 EPSS
Exploits 0 | References 7 | Affected Software 1
RedhatCVE
added 2025/02/05 1:6 a.m. | 8 views

CVE-2024-28252

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can...

7.5 CVSS | 6.5 AI score | 0.00579 EPSS
Exploits 0 | References 1
BDU FSTEC
added 2025/02/05 12:0 a.m. | 4 views

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to an incorrect session timeout restriction, allowing attackers to gain unauthorized access to the system.

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect time-out restrictions on sessions. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the system using o...

9 CVSS | 5.5 AI score
Exploits 0 | References 2 | Affected Software 1
SUSE Linux
added 2025/02/03 8:51 a.m. | 1 views

Security update for curl

This update for curl fixes the following issues: Security issues fixed: CVE-2024-7264: ASN.1 date parser overread (bsc#1228535); CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888); CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666); CVE-2024-2466: TLS certificate check bypa...

7.5 CVSS | 7.6 AI score | 0.36081 EPSS
Exploits 6 | References 24
Veracode
added 2025/02/03 5:55 a.m. | 3 views

Denial-of-Service (DoS)

github.com/hashicorp/yamux is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to improper handling of connection timeouts: Stream.Read calls hang indefinitely if a corresponding Stream.Write call times out under network congestion, leading to stalled sessions and requirin...

7 AI score
Exploits 0
CNNVD
added 2025/02/03 12:0 a.m. | 3 views

Advantive VeraCore Security Vulnerability

Advantive VeraCore is a SaaS order and warehouse management software from Advantive. A security vulnerability exists in Advantive VeraCore version 2025.1.0 and earlier, which stems from the presence of an SQL injection in timeoutWarning.asp that allows remote attackers to execute arbitrary SQL...

7.5 CVSS | 10 AI score | 0.50378 EPSS
Exploits 1 | References 2
Microsoft CVE
added 2025/01/29 8:0 a.m. | 3 views

Bluetooth: SCO: Fix UAF on sco_sock_timeout

...

7.8 CVSS | 7.1 AI score | 0.0023 EPSS
Exploits 0
Microsoft CVE
added 2025/01/29 8:0 a.m. | 2 views

sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport

...

5.5 CVSS | 6.9 AI score | 0.00225 EPSS
Exploits 0
Microsoft CVE
added 2025/01/29 8:0 a.m. | 6 views

Bluetooth: ISO: Fix UAF on iso_sock_timeout

...

7.8 CVSS | 7 AI score | 0.00229 EPSS
Exploits 0
OSV
added 2025/01/29 12:1 a.m. | 6 views

GO-2025-3408 WITHDRAWN: DefaultConfig has dangerous defaults causing hung Read in github.com/hashicorp/yamux

This report has been withdrawn with reason: "By request of maintainer in https://github.com/golang/vulndb/issues/3453". The default values for Session.config.KeepAliveInterval and Session.config.ConnectionWriteTimeout of 30s and 10s create the possibility for timed out writes that most aren't...

7 AI score
Exploits 0 | References 2
Positive Technologies
added 2025/01/29 12:0 a.m. | 4 views

PT-2025-5649 · Go · Go

Name of the Vulnerable Software and Affected Versions: go affected versions not specified Description: The issue arises from the default values of Session.config.KeepAliveInterval and Session.config.ConnectionWriteTimeout, which can cause timed out writes that are not handled properly by readers...

6.8 AI score
Exploits 0 | References 3