EUVD-2026-38904

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...

EUVD-2026-38936

In the Linux kernel, the following vulnerability has been resolved: drm/komeda: fix integer overflow in AFBC framebuffer size check The AFBC framebuffer size validation calculates the minimum required buffer size by adding the AFBC payload size to the framebuffer offset. This addition is performe...

Honeywell PM43 Printers - Command Injection

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM Printer web page modules allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 e.g. P10.19.050006 id:...

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

SUSE SLES12 Security Update : kernel (SUSE-SU-2026:2450-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2450-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263:...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ARM: OMAP2+: display: Fixed refcount leak bug In omapdssinitfbdev, offindnodebyname will return a node pointer with the refcount incremented. We should use ofnodeput when it is no longer needed...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Firmware: armffa – Set dmamask for FFA devices. Setting dmamask for FFA devices is necessary; otherwise, DMA allocation using the device pointer may lead to the following warning: WARNING: CPU: 1, PID: 1, at...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fixed a possible null pointer dereferencing issue. In malidpmwconnectorreset, new memory is allocated using kzalloc, but no checks are performed. To prevent null pointer dereferencings, ensure that mwstate is...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: ptrace: Fixed SVE writes on !SME systems When SVE is supported but SME is not supported, a ptrace write to NTARMSVE regset can place the tracee into an invalid state. In this state, non-streaming SVE register data i...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm/crc-t10dif: fixed the use of an array that was used outside of its scope in crct10difarch. A silly bug was also fixed, where an array was used beyond its scope...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel before version 5.19, the file drivers/gpu/drm/arm/malidpplanes.c misinterprets the return value of getsgtable. It expects the return value to be NULL in the error case, but in reality, it is an error pointer...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ARM: OMAP2+: pdata-quirks: Fixed a refcount leak bug In pdataquirksinitclocks, the loop contains offindnodebyname, but there is no corresponding ofnodeput...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: scmi: Fixed the issue of a memory leak caused by the failure to remove generic power domains when the ofgenpdaddprovideronecell function fails during probing. If the ofgenpdaddprovideronecell function fails during...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fixed the descriptor address in kvmatswapdesc Using “u64 user hva + offset” to obtain the virtual addresses of S1/S2 descriptors seems incorrect, especially when offset is not zero. What we actually want to get for...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several issues with the way the hyp code lazily saves the host’s FPSIMD/SVE state. These include: The host SVE state is unexpectedly discarded due to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: arm/poly1305 – Fixed register corruption in no-SIMD contexts. The SIMD usability check, which was removed with the commit 773426f4771b „crypto: arm/poly1305 – Added block-only interface“, has been restored. This safet...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear the FFR context field in streaming SVE mode The FFR is a predicate register whose size can range from 16 to 256 bits, depending on the configured vector length. When saving the SVE state in streamin...

Astra Linux – Vulnerability in Xen

A issue was discovered in Xen versions 4.9 through 4.14.x. On the ARM architecture, a guest can control whether memory accesses bypass the cache. This means that Xen needs to ensure that all writes such as those during scrubbing have reached the memory before handing over the page to the guest...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm: pgtable: Fix for NULL pointer dereference issue. When updatemmucacherange is called by updatemmucache, the vmf parameter is NULL, which can lead to a NULL pointer dereference issue in adjustpte. It is not possible to handle...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy. For some reason, the driver that added support for the Exynos5420 MIPI phy back in 2016 was not applied to the Exynos5420 device, resulting in a kernel panic. Th...