726 matches found
EUVD-2026-40960
In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fillpool in early boot hardirq context When booting a debug PREEMPTRT kernel on an ARM64 system, a "inconsistent HARDIRQ-ON-W - IN-HARDIRQ-W usage" lockdep warning message was reported to the console...
CVE-2026-53036
A flaw was found in the Linux kernel. Specifically, an off-by-one error exists in the BPF Berkeley Packet Filter JIT Just-In-Time compiler when handling immediate values for branch instructions on ARM64 architectures. This vulnerability allows the system to process values outside their intended...
CVE-2026-6330
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...
CVE-2026-6330 ML-KEM ARM64 NEON ciphertext comparison only compares half of the input
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...
CVE-2026-6330
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...
CVE-2026-6330
CVE-2026-6330 : In ML-KEM targeting ARM64 NEON, the ciphertext comparison only checks half of the input. This breaks the Fujisaki-Okamoto transform’s implicit rejection, weakening IND-CCA2 security on that path. The constant-time comparison thus ignores part of the re-encrypted ciphertext, allowi...
EUVD-2026-39228
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walks1 and kvmwalknesteds2 expect to be called while holding kvm-srcu to guard against memslot changes. While this is generally the case,...
CVE-2026-53036
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...
CVE-2026-53036
The CVE-2026-53036 issue concerns the Linux kernel BPF JIT on ARM64. check_imm(bits, imm) erroneously allowed a signed N-bit range of [-2^N, 2^N), effectively giving an (N+1)-bit range, which permits values in [2^18, 2^19) for imm19 (and similarly for imm26) to slip through. This caused potential...
CVE-2026-53036 bpf, arm64: Fix off-by-one in check_imm signed range check
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: arm64: Set nocfi on swsusparchresume A DABT was reported1 on an Android-based system when resuming from hibernation. This occurs because swsusparchsuspendexit is marked with SYMCODE, and it does not have a CFI hash. However,...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: tty: ttybuffer: Fixed the soft lockup issue in flushtoldisc. When running the ltp testcase ltp/testcases/kernel/pty/pty04.c with arm64, there is a soft lockup. The detailed call trace is as follows: Workqueue: eventsunbound →...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: consistently handles PLTs. Sometimes it is necessary to use a PLT entry to call a ftrace trampoline. This is handled by ftracemakecall and ftracemakenop, both of which have almost identical logic. However, this is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: The function eagerly init vgic dist/redist on vgic creation is vulnerable. If the vgicallocateprivateirqslocked function fails for any reason, we exit kvmvgiccreate early, leaving dist-rdregions uninitialized. The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: A BTI error was fixed when returning to the patched function. When BPFTRAMPFCALLORIG is set, the BPF trampoline uses BLR to jump back to the instruction next to the call site, in order to call the patched function. Fo...
Astra Linux – Vulnerability in Firefox, Thunderbird
Inconsistent data in the instruction and data cache when creating Wasm code can lead to a potentially exploitable crash.This bug only affects Firefox on ARM64 platforms.. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
Uncontrolled Recursion
Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...
2026-06 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5094127)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
2026-06 .NET 8.0.28 Security Update for ARM64 Client (KB5097149)
2026-06 .NET 8.0.28 Security Update for ARM64 Client KB5097149...