127 matches found
CVE-2026-52980
A flaw was found in the Linux kernel's sched/fair scheduler. When a new schedentity is forked, its reldeadline may be unexpectedly set, leading to an abnormally large deadline value. If the task later calls schedyield, this inflated deadline can cause an overflow in vruntime calculations. This ca...
EUVD-2026-38848
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Clear reldeadline when initializing forked entities A yield-triggered crash can happen when a newly forked schedentity enters the fair class with se-reldeadline unexpectedly set. The failing sequence is: 1. A task is...
CVE-2026-52980
The CVE-2026-52980 issue affects the Linux kernel’s CFS scheduler: when forking a task, rel_deadline may be inherited in sched_entity, causing a relative deadline to be treated as absolute during the first enqueue. This leads to an inflated vruntime after yield_task_fair(), potential overflow of ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fixed the issue with zerovruntime tracking. John reported that stress-ng-yield could cause his machine to behave abnormally. He managed to bisect the process to commit the change identified as b3d99f43c72b „sched/fair...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/sched: fqpie: Avoid stalls in fqpietimer When setting a high number of flows limit being 65536, fqpietimer currently uses too much time, as reported by syzbot. Add logic to yield the CPU every 2048 flows less than 150...
EUVD-2026-30086
vm2 Has a Sandbox Breakout Using Async Generator...
GHSA-248R-7H7Q-CR24 vm2 Has a Sandbox Breakout Using Async Generator
Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details It is possible to catch a host exception using the yield expression inside an async generator. When the...
Arbitrary Code Injection
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the yield iterator inside an async generator. An attacker can execute arbitrary commands on the host...
CVE-2026-45411
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by th...
CVE-2026-45411 vm2: Sandbox Breakout Using Async Generator
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by th...
CVE-2026-45411
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by th...
CVE-2026-45411 vm2: Sandbox Breakout Using Async Generator
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by th...
CVE-2026-45411
vm2 is a Node.js sandbox; prior to 3.11.3, an async generator yield* can cause host exceptions to escape the VM when the generator is closed with return, with exceptions from then being routed to the yield* iterator as the next value, enabling arbitrary host commands. This is fixed in 3.11.3. The...
SUSE CVE-2026-43323
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...
Linux Distros Unpatched Vulnerability : CVE-2026-43323
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his...
PT-2026-40731
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.3 Description A sandbox breakout allows attackers to execute arbitrary commands on the host system. This occurs because a host exception can be caught using the yield expression within an async generator. When the...
EUVD-2026-28607
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...
CVE-2026-43323
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...
UBUNTU-CVE-2026-43323
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...
CVE-2026-43323 sched/fair: Fix zero_vruntime tracking fix
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...