CVE-2026-43314

In the Linux kernel, the following vulnerability has been resolved: dm: remove fake timeout to avoid leak request Since commit 15f73f5b3e59 "blk-mq: move failure injection out of blkmqcompleterequest", drivers are responsible for calling blkshouldfaketimeout at appropriate code paths and...

UBUNTU-CVE-2026-43314

In the Linux kernel, the following vulnerability has been resolved: dm: remove fake timeout to avoid leak request Since commit 15f73f5b3e59 "blk-mq: move failure injection out of blkmqcompleterequest", drivers are responsible for calling blkshouldfaketimeout at appropriate code paths and...

CVE-2026-43314

In the Linux kernel, the following vulnerability has been resolved: dm: remove fake timeout to avoid leak request Since commit 15f73f5b3e59 "blk-mq: move failure injection out of blkmqcompleterequest", drivers are responsible for calling blkshouldfaketimeout at appropriate code paths and...

CVE-2026-43314 dm: remove fake timeout to avoid leak request

In the Linux kernel, the following vulnerability has been resolved: dm: remove fake timeout to avoid leak request Since commit 15f73f5b3e59 "blk-mq: move failure injection out of blkmqcompleterequest", drivers are responsible for calling blkshouldfaketimeout at appropriate code paths and...

CVE-2026-43314

In the Linux kernel, the following vulnerability has been resolved: dm: remove fake timeout to avoid leak request Since commit 15f73f5b3e59 "blk-mq: move failure injection out of blkmqcompleterequest", drivers are responsible for calling blkshouldfaketimeout at appropriate code paths and...

CVE-2026-43314

CVE-2026-43314 affects the Linux kernel device mapper (dm) driver. The issue arises when an I/O timeout failure is injected into a dm device; because dm does not implement its own timeout handler, the request can leak and hang indefinitely. The root cause is the presence of blk_should_fake_timeou...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from race conditions in the DMA ring dequeuing path. This could lead to interference between multiple...

PT-2026-39165

Summary When the Timeoutable module is enabled in Devise, the FailureAppredirect url method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET request that results in a session timeout. An attacker who hosts a page with an...

PT-2026-39182

Name of the Vulnerable Software and Affected Versions Devise versions 5.0.3 and earlier Description When the Timeoutable module is enabled, the FailureAppredirect url method returns the request.referrer the HTTP Referer header without validation for any non-GET request that results in a session...

PT-2026-38956

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the dm driver, the failure to implement its own timeout handler while relying on slave devices leads to an issue where requests are leaked and never completed if an io-timeout-fail...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of the usbtmc driver to call usbbulkmsg with a timeout value specified by the user. This...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the dm driver’s failure to implement timeout handling and its reliance on slave devices. When an...

PT-2026-39089

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The usb control msg, usb bulk msg, and usb interrupt msg APIs in usbcore allow unlimited timeout durations. Because these APIs utilize uninterruptible waits, a task can be hung...

PT-2026-39072

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A divide-by-zero exception occurs in the tipc sk filter connect function. A user can set the conn timeout variable to a value between 0 and 3 using setsockoptTIPC CONN TIMEOUT. When a SY...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the conntimeout value being less than 4 in the tipcskfilterconnect function, leading to a zero...

Linux Distros Unpatched Vulnerability : CVE-2026-43428

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout...

Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

Summary When the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET request that results in a session timeout. An attacker who hosts a page with an...

Linux Distros Unpatched Vulnerability : CVE-2026-43314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm: remove fake timeout to avoid leak request Since commit 15f73f5b3e59 blk-mq: move failure injection out of blkmqcompleterequest, drivers are responsible for...

NPM: vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion

NPM: vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

Allocation of Resources Without Limits or Throttling

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Buffer.alloc family in lib/setup-sandbox.js. An attacker can crash the host process ...