PT-2026-37284

Name of the Vulnerable Software and Affected Versions Open edx Enterprise Service versions 7.0.2 through 7.0.4 Description An authenticated user with the Enterprise Admin role can trigger a server-side HTTP request. By using the 'SAMLProviderConfigViewSet' PATCH endpoint, a user can set the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/ast: astdp: Fixed the timeout for enabling the video signal The ASTDP transmitter sometimes takes up to 1 second to enable the video signal, while the timeout is only 200 msec. This results in a kernel error message. The...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Driver Core: Fixed the interaction between waitfordeviceprobe and deferredprobetimeout. The mounting of NFS rootfs timed out when deferredprobetimeout was non-zero 1. This occurred because the ipautoconfig initcall timed out...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: fnic: Fixed a crash in fnicwqcmplhandler when FDMI times out. When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. Upon completion of the sending process, this leads to a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: ucsiacpi: The command completion timeout has been increased. The commit 130a96d698d7 “usb: typec: ucsi: acpi: Increase command completion timeout value” increased the timeout from 5 seconds to 60 seconds due to issues relate...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: Fixed an infinite busy loop after the timeout has expired. After the commit 0a65bc27bd64 “eventpoll: Sets the epoll timeout if it’s in the future”, the following program would immediately enter a busy loop in the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolved TX timeout error in power save stress test This fixes the TX timeout issue that occurred during a stress test run on btnxpuart for several hours. As a result, the interval between two HCI commands...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed the timeout of a call that has not yet been granted a channel. The afsmakecall function calls rxrpc.kernelbegincall to initiate a call which may get stalled in the background while waiting for a connection to become...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rcuscale: Move rcuscalewriter’s scheduletimeoutuninterruptible function to idle. The rcuscale.holdoff module parameter can be used to delay the start of rcuscalewriter’s kthread. However, the hung-task timeout will trigger when t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Implement a reference counter for SRB The timeout handler and the done function are competing with each other. When qla2x00asynciocbtimeout starts to execute, it may be preempted by the normal response path via the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad – Fixing timeout handling When the CPU on which the QSPI interrupt handler runs typically CPU 0 is excessively busy, it can lead to rare cases where the IRQ thread does not run before the transfer timeout is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: igc: Fix Kernel Panic during ndotxtimeout callback The Xeon validation group has been carrying out some loaded tests with various HW configurations, and they have seen some transmit queue time out happening during the test. This...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: spi: bcm2835: bcm2835spihandleerr: Fixed the issue of NULL pointer dereferencing for non-DMA transfers. If an IRQ-based transfer times out, the bcm2835spihandleerr function is called. Since commit 1513ceee70f2 “spi: bcm2835: Drop...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Block layer: The feature of freezing the request queue from within sysfs store callbacks has been removed. Freezing the request queue may cause a deadlock when combined with the dm-multipath driver and the queueifnopath option...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpfastopenblackholetimeout. When reading sysctltcpfastopenblackholetimeout, it can be changed concurrently. Therefore, we need to add READONCE to its readers...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fixed a race condition between ufshcdmcqabort and the ISR. If a command timeout occurs and the cq complete IRQ is raised at the same time, ufshcdmcqabort clears the lprb-cmd, and a NULL pointer dereferencing occu...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed the use-of-memory issue in nreq in reqsktimerhandler. The referenced commit replaced inetcskreqskqueuedropandput with inetcskreqskqueuedrop and reqskput in reqsktimerhandler. Next, oreq should be passed to reqskput...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: do not free live element Pablo reported a crash when processing large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: addelem"00000000" timeout 100 ms ... addelem"0000000X"...

Astra Linux – Vulnerability in Linux, Linux 5.10

A guest can force the Linux netback driver to consume a large amount of kernel memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Incoming data packets for a guest in the Linux kernel’s netback driver are buffere...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: block: nullblk: end timed out poll request When a poll request times out, it is removed from the poll list. However, since the request is not completed, it becomes exposed and never gets a chance to be processed. This issue is...