Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle the deactivation of DBCs when the owner leaves. When a DBC is released, the device sends a QAICTRANSDEACTIVATEFROMDEV transaction to the host via the QAICCONTROL MHI channel. QAIC handles this by calling...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a use-after-free after failing to create a snapshot. In ioctl.c’s createsnapshot function, we allocate a pending snapshot structure and then attach it to the transaction’s list of pending snapshots. After that, we ca...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fixed memory leaks in EVTTRANSACTION handling Error paths do not free the previously allocated memory. Add devmkfree to those failure paths...

CVE-2026-43007 accel/qaic: Handle DBC deactivation if the owner went away

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle DBC deactivation if the owner went away When a DBC is released, the device sends a QAICTRANSDEACTIVATEFROMDEV transaction to the host over the QAICCONTROL MHI channel. QAIC handles this by calling...

USN-8195-2 packagekit vulnerability

USN-8195-1 fixed a vulnerability in PackageKit. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that PackageKit incorrectly handled certain transactions. A local attacker could use this issue to install arbitrary packages as root,...

PT-2026-31948

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description A flaw exists in Vikunja before version 2.3.0 related to the Time-based One-Time Password TOTP failed-attempt lockout mechanism. A database transaction handling bug prevents the account lockout from...

UBUNTU-CVE-2026-23272

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: unconditionally bump set-nelems before insertion In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be walking over it...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from improper transaction handling that could lead to a reference count underflow...

CVE-2023-53526 jbd2: check 'jh->b_transaction' before removing it from checkpoint

In the Linux kernel, the following vulnerability has been resolved: jbd2: check 'jh-btransaction' before removing it from checkpoint Following process will corrupt ext4 image: Step 1: jbd2journalcommittransaction jbd2journalinsertcheckpointjh, committransaction // Put jh into trans1-tcheckpointli...

CVE-2022-29738

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send=, id...

Linux Distros Unpatched Vulnerability : CVE-2022-48997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: char: tpm: Protect tpmpmsuspend with locks Currently tpm transactions are executed...

CVE-2025-21753 btrfs: fix use-after-free when attempting to join an aborted transaction

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fsinfo-translock and without holding any...

CVE-2024-52913

In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled...

CVE-2024-52913

Bitcoin Core prior to 0.21.0 is affected. An attacker could prevent a node from seeing a specific unconfirmed transaction because transaction re-requests are mishandled (CVE-2024-52913). The Red Hat advisories confirm the same impact. The CVSS indicates network attack vector, low complexity, no p...

kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction

A use-after-free flaw was found in the Linux kernel’s nftables sub-component due to a race problem between the set GC and transaction in the Linux Kernel. This flaw allows a local attacker to crash the system due to a missing call to nftsetelemmarkbusy, causing double deactivation of the element...

CVE-2023-1095

In nftablesupdtable, if nftablestableenable returns an error, nfttransdestroy is called to free the transaction object. nfttransdestroy calls listdel, but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference...

SUSE CVE-2022-42325

Xenstore: Guests can create arbitrary number of nodes via transactions This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...

DEBIAN-CVE-2022-42325

Xenstore: Guests can create arbitrary number of nodes via transactions This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...