Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reordering cleanup operations to avoid UAF bugs The dreamcastcard-timer could schedule the spudmawork, and the spudmawork could also trigger the dreamcastcard-timer. When the sndpcmsubstream is closing, the...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Watchdog: sc520wdt: A possible use-after-free occurred in wdtturnoff. The remove method of this module calls deltimer. However, that function does not wait for the timer handler to complete. This means that the timer handler may...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Drivers: Staging: rtl8192eu: Fixed a deadlock in rtwjoinbsseventprehandle. There is a deadlock in rtwjoinbsseventprehandle, as shown below: Thread 1 | Thread 2 | settimer rtwjoinbsseventprehandle | modtimer spinlockbh //1 | Wait...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt, all online CPUs will be notified and set to offline. However, as highlighted in the commit 19dbdcb8039c “smp: Warn on function...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fixed a use-after-free bug in smpexecutetasksg When executing an SMP task fails, the smpexecutetasksg function calls deltimer to delete the “slowtask-timer” timer. However, if the timer handler sastaskinternaltimedo...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/sched: fqpie: prevent dismantle issue For some reason, the fqpieDestroy function did not copy the working code from pieDestroy and other related functions, resulting in a persistent bug. Before calling...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: Timer – Do not take registermutex with copyfrom/touser. The infamous mmaplock taken during copyfrom/touser can often be problematic when it is called within another mutex, as this may lead to deadlocks. In the case of ALSA...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Watchdog: Fixed a possible use-after-free in wdtstartup. The remove path of this module calls deltimer. However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clockevents: Added missing resets to the nexteventforced flag. The mechanism used to prevent timer interrupts from being missed caused issues when the nexteventforced flag wasn’t reset in certain situations: - When the state of t...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: tcp/dccp: Do not use timerpending in reqskqueueunlink. Martin KaFai Lau reported a use-after-free in reqsktimerhandler. We are encountering a use-after-free related to a bpf program attached to tracetcpretransmitsynack. The...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: Cancel the mesh send timer when the hdev is removed The meshsenddone timer is not canceled when the hdev is removed, which can cause a crash if the timer triggers after the hdev is gone. Cancel the timer when...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netrom: Decreases the sock refcount when the sock timer expires. The commit 63346650c1a9 “netrom: switch to the sock timer API” switched to using the sock timer API. This replaced modtimer with skresettimer, and deltimer with...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsllpuart: fixed a race condition during RX DMA shutdown. From time to time, DMA completion can occur mid-way through the DMA shutdown process: : lpuart32shutdown lpuartdmashutdown deltimersync lpuartdmarxcomplete...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Fixed use-after-free bugs caused by pn532CmdTimeout. When the pn532 UART device is detached, the pn532uartRemove function is called. However, there are no functions in pn532uartRemove that can delete the cmdTimeout...

RXSA-2026:25121 Critical: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 kernel: smc: Fix use-after-free in tcpwritetimerhandler CVE-2023-53781 kernel: nbd: defer config unlock in nbdgenlconnect...

kernel-rt security update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...

Malicious code in express-timer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b4fd1651a86f29904cbafe5a1d50f51a3108413ce0fef61fd92cfc61dedc683 express-timer is a destructive supply-chain attack masquerading as an Express security-headers helper. Three independent harm mechanisms fire on...

MAL-2026-5555 Malicious code in express-timer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b4fd1651a86f29904cbafe5a1d50f51a3108413ce0fef61fd92cfc61dedc683 express-timer is a destructive supply-chain attack masquerading as an Express security-headers helper. Three independent harm mechanisms fire on...

ROS-20260611-73-0023

The vulnerability of the videotimer function in the implementation of the remote desktop protocol FreeRDP is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

ROS-20260611-73-0024

The vulnerability of the videotimer function in the implementation of the remote desktop protocol FreeRDP is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause a service failure...