195 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Initialization of ddpcomp using devmkcalloc In the case where connroutes is true, an additional slot is allocated in the ddpcomp array. However, the mtkdrmcrtccreate function never seems to initialize this slot duri...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Input: uinput – zero-initializing uinputff UploadCompat to prevent information leakage. The struct ffeffectcompat is embedded twice within uinputff UploadCompat and contains internal padding. In particular, there is a gap after...
Use of Password Hash With Insufficient Computational Effort
Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the encrypt process. An attacker can compromise the confidentiality and integrity of synced bookma...
GHSA-G29V-Q6H7-76WH electerm's encrypt method not safe enough
Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...
EUVD-2026-28714
In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following cephmdscfreepathinfo may crash. Example crash on Linux 6.18.12:...
CVE-2026-43408
In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following cephmdscfreepathinfo may crash. Example crash on Linux 6.18.12:...
CVE-2026-43356
In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...
UBUNTU-CVE-2026-43408
In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following cephmdscfreepathinfo may crash. Example crash on Linux 6.18.12:...
CVE-2026-43408
In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following cephmdscfreepathinfo may crash. Example crash on Linux 6.18.12:...
CVE-2026-43408 ceph: add a bunch of missing ceph_path_info initializers
In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following cephmdscfreepathinfo may crash. Example crash on Linux 6.18.12:...
CVE-2026-43408
CVE-2026-43408 concerns the Linux kernel Ceph path handling: a missing zero-initialization of ceph_path_info before ceph_mdsc_build_path() calls can lead to crashes when ceph_mdsc_free_path_info() is invoked on error paths. Multiple code paths lacked proper initializers; the recommended fix is to...
EUVD-2026-27586
In the Linux kernel, the following vulnerability has been resolved: net: afkey: zero aligned sockaddr tail in PFKEY exports PFKEY export paths use pfkeysockaddrsize when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkeysockaddrfill initializes only th...
SUSE CVE-2026-43055
In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio is executed, we may get a bogus kiwritestream value, causing unintend...
Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: mwifiex: The chanstats array is initialized to zero. The adapter-chanstats array is initialized in mwifiexinitchannelscangap, using vmalloc. However, this approach does not zero out the memory. The array is filled in during...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: comedi: Fix initialization of data for instructions that write to subdevice Some Comedi subdevice instruction handlers are known to access instruction data elements beyond the first insn-n elements in some cases. The doinsnioctl...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Fixed the issue where uninitialized values were used in the extentinfo structure during the isextentmergeable and isbackmergeable functions, through the read extent tree path. The root cause is that the getreadextentinfo...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node0 at initialization After commit 61167ad5fecdea "mm: pass nid to reservebootmemregion" we get a panic if DEFERREDSTRUCTPAGEINIT is enabled: 0.000000 CPU 0 Unable to handle kernel pagin...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchipsaradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses...
Linux Distros Unpatched Vulnerability : CVE-2026-43035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: sched: clsapi: fix tcchainfillnode to initialize tcminfo to zero to prevent an info-leak When building netlink messages, tcchainfillnode never initializes...