Astra Linux - уязвимость в linux, linux-5.10

A issue was discovered in the Linux kernel through version 5.16-rc6. The function uapifinalize in drivers/infiniband/core/uverbsuapi.c lacks a check for the function kmallocarray...

CVE-2020-10116

cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls SEC-541...

CVE-2020-10117

cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace SEC-542...

EUVD-2019-5617

Malware in sbrugna...

EUVD-2020-2580

Malware in sbrugna...

EUVD-2020-2579

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2022-3105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel through 5.16-rc6. uapifinalize in drivers/infiniband/core/uverbsuapi.c lacks check of kmallocarray. CVE-2022-3105 No...

CVE-2022-49935

In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later Previously when we added a fence to a dmaresv object we always assumed the the newer than all the existing fences. With Jason's work to add an UAPI to explicit export/impor...

SUSE CVE-2022-49935

In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later Previously when we added a fence to a dmaresv object we always assumed the the newer than all the existing fences. With Jason's work to add an UAPI to explicit export/impor...

CVE-2019-14411

cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI SEC-473...

CVE-2019-14412

Maketext in cPanel before 78.0.2 allows format-string injection in the DCV checkdomainsviadns UAPI SEC-474...

CVE-2025-21840 thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header

In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool 1, which uses the THERMALGENLATTRCPUCAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault...

CVE-2024-53196

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Don't retire aborted MMIO instruction Returning an abort to the guest for an unsupported MMIO access is a documented feature of the KVM UAPI. Nevertheless, it's clear that this plumbing has seen limited testing, since...

CVE-2024-53196

CVE-2024-53196 affects the Linux kernel (arm64/KVM). The issue is that KVM could retire an aborted MMIO instruction and advance the PC even when a synchronous external abort was pending, triggering a kernel WARN in kvm_emulate.h and related call paths. The documented fix is to skip MMIO emulation...

CVE-2024-50163

In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpfredirect flags don't overlap The bpfredirectinfo is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri-flags field specifically,...

CVE-2024-47702

In the Linux kernel, the following vulnerability has been resolved: bpf: Fail verification for sign-extension of packet data/dataend/datameta syzbot reported a kernel crash due to commit 1f1e864b6555 "bpf: Handle sign-extenstin ctx member accesses". The reason is due to sign-extension of 32-bit...

CVE-2024-46837

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on groupcreate We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...

CVE-2024-44993

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix out-of-bounds read in v3dcsdjobrun When enabling UBSAN on Raspberry Pi 5, we get the following warning: 387.894977 UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3dsched.c:320:3 387.903868 index 7 is out of...

CVE-2024-36244 net/sched: taprio: extend minimum interval restriction to entire cycle too

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time...

CVE-2024-35970 af_unix: Clear stale u->oob_skb.

In the Linux kernel, the following vulnerability has been resolved: afunix: Clear stale u-oobskb. syzkaller started to report deadlock of unixgclock after commit 4090fa373f0e "afunix: Replace garbage collection algorithm.", but it just uncovers the bug that has been there since commit 314001f0bf9...