CVE-2026-53277

The CVE-2026-53277 issue affects the Linux kernel KVM arm64 path. walk_s1() and kvm_walk_nested_s2() are expected to run with kvm->srcu held to guard memslot changes, but __kvm_at_s12() and __kvm_find_s1_desc_level() invoke these walkers without acquiring SRCU. The fix adds acquiring kvm->s...

EUVD-2026-39291

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: The kexecbuf structure was previously declared without initialization. The patch series “kexec: Fix invalid field access” addresses this issue. The kexecBuf structure was declared without being initialized. The comm...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Misc: pciendpointtest: Fixed the panic that occurs when calling pciendpointtestcopy,write,read The dmamapsingle function does not allow zero-length mappings. This causes a panic. A panic was reported on the arm64 architecture:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: Set UXN on swapper page tables This issue was accidentally fixed upstream via c3cee924bd85 "arm64: head: cover the entire kernel image in the initial ID map", as part of a major refactoring of the arm64 boot process. This...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden the getcpuforacpiid function to prevent errors when a missing CPU entry is used. During a review discussion of the changes to support vCPU hotplug, it was noted that a check was added to ensure the GICC Global...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: arm64: Do not call NULL in docompatalignmentfixup. doalignmentt32tohandler only fixes alignment faults for specific instructions; otherwise, it returns NULL e.g., for LDREX. When this occurs, a signal is sent to the caller...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fixed the incorrect assignment of a signed error value to unsigned fwlevel. Although the acpifindlastcachelevel function always returns a signed value, and the documentation states that it will return any errors...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: sched/core: A use-after-free bug has been fixed in dupusercpusptr. Since commit 07ec77a1d4e8 “sched: Allows task CPU affinity to be restricted on asymmetric systems”, the setting and clearing of usercpusptr are performed under...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: gcs: Do not set PTESHARED on GCS mappings if FEATLPA2 is enabled When FEATLPA2 is enabled, bits 8-9 of the PTE replace the shareability attribute with bits 50-51 of the output address. The PAGEGCS,RO definitions include th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: set exceptionirqentry with irqentry as a default. filterirqstacks is supposed to remove entries that are related to irq entries from its call stack. And inirqentrytext, which is called by filterirqstacks, uses...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: ptrace: Fixed SVE writes on !SME systems When SVE is supported but SME is not supported, a ptrace write to NTARMSVE regset can place the tracee into an invalid state. In this state, non-streaming SVE register data i...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Signal: Fix for restoring SVE context When SME is supported, restoring the SVE signal context can fail in several ways. This can result in the task being placed in an invalid state, where the kernel might read from...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: padata: The handling of refcnts in padatafreeshell has been fixed. In a high-load Arm64 environment, the pcryptaead01 test in LTP can lead to system UAF Use-After-Free issues. Due to the lengthy analysis of the pcryptaead01...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check whether the vCPU is not NULL in vgicv2parseattr. vgicv2parseattr is responsible for finding the vCPU that matches the user-provided CPUID. This CPUID may, of course, be invalid. If the ID is invalid,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: arm64/poly1305 – Fixed register corruption in no-SIMD contexts. The SIMD usability check, which was removed with the commit a59e5468a921, has been restored. “crypto: arm64/poly1305 – Added a block-only interface.” Thi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: arm64: probes: Fixed the uprobes for big-endian kernels The arm64 uprobes code is broken for big-endian kernels because it does not convert the in-memory instruction encoding which is always little-endian into the kernel’s...

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Mitigation is only applied to cBPF programs loaded by unprivileged users. Support for eBPF programs loaded by unprivileged users is typically disabled. This means that only cBPF programs need to be mitigated for BHB...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50318)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50318 advisory. - net/tls: fix use-after-free in -EBUSY error path of tlsdoencryption Muhammad Alifa Ramdhan Orabug: 39543209 CVE-2026-31533 - net: fix fanout UAF...

Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability

Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core SignalR and Blazor Server. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service...