sudo-rs -- Partial password reveal when password timeout occurs

Trifecta Tech Foundation reports: When typing partial passwords but not pressing return for a long time, a password timeout can occur. When this happens, the keys pressed are replayed onto the console...

kernel: can: isotp: split tx timer into transmission and timeout

In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout The timer for the transmission of isotp PDUs formerly had two functions: 1. send two consecutive frames with a given time gap 2. monitor the timeouts for flow control frame...

kernel: RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the warning "rxecleanup+0x12c/0x170 rdmarxe" The Call Trace is as below: " ? showregs.cold+0x1a/0x1f ? rxecleanup+0x12c/0x170 rdmarxe ? warn+0x84/0xd0 ? rxecleanup+0x12c/0x170 rdmarxe ? reportbug+0x105/0x180 ?...

USN-7867-1: sudo-rs vulnerabilities

It was discovered that sudo-rs incorrectly handled passwords when timeouts occurred and the pwfeedback default was not set. This could result in a partially typed password being output to standard input, contrary to expectations. It was discovered that sudo-rs incorrectly handled the targetpw and...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988710)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988710 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sastask Currently a use-after-free may occur if ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989150)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989150 advisory. In the Linux kernel, the following vulnerability has been resolved: audit: improve robustness of the audit queue handling If the audit daemon were ever to get stuck ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989995)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989995 advisory. In the Linux kernel, the following vulnerability has been resolved: driver core: Fix waitfordeviceprobe & deferredprobetimeout interaction Mounting NFS rootfs was...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988699)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988699 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: imx-sdma: Fix a possible memory leak in sdmatransferinit If the function sdmaloadconte...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989401)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989401 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/lima: mask irqs in timeout path before hard reset There is a race condition in which a...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989472)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989472 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctltcpfastopenblackholetimeout. While reading...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990286)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990286 advisory. In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ibumad, which maintains...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988975)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988975 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling scoconn and use-after-free in scosocktimeout Connecting the same socket...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990315)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990315 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/lima: mask irqs in timeout path before hard reset There is a race condition in which a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990157)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990157 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988995)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988995 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989697)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989697 advisory. In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: denali: Use managed device resources All of the resources used by this driver has...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARNON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout that causes kernel panic when “paniconwarn” is enabled, and unnecessary call trace prints when...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: i2c: qup – jumping out of the loop in case of timeout. The original logic only sets the return value, but does not jump out of the loop if the bus remains active due to a malicious or buggy i2c client. This is unexpected. Such a...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath10k: Shutdown driver when hardware is unreliable In rare cases, ath10k may lose connection with the PCIe bus due to some unknown reasons, which could further lead to system crashes during reconnection due to watchdog...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 "efi/unaccepted: Fix soft lockups caused by parallel memory acceptance" has released the spinlock so other CPUs can do memory acceptance in parallel and n...