Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fixed a potential memory leak in “addwidgetnode”. Since “kobjectadd” may allocate memory for “kobject-name” when returning an error. In this function, if the call to “kobjectadd” fails, the memory is not freed...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k – A memory leak occurred due to multiple allocations of rxstats. rxstats for each arsta is allocated when a station is added. arsta-rxstats will be freed when a station is removed. Redundant allocations occur when th...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisysfs: Fixed an issue where the function deviceadd was called multiple times. The function deviceadd should not be called multiple times, as stated in its documentation: “Do not call this routine or deviceregister...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In mm/hugetlb, do not call vmaaddreservation when ENOMEM is encountered. sysbot reported a segmentation fault 1 in unmaphugepagerange. This occurs because vmaneedsreservation may return -ENOMEM if allocatefileregionentries fails ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciaddadvmonitor KSAN reports a use-after-free in hciaddadvmonitor. When adding an adv monitor, hciaddadvmonitor calls msftaddmonitorpattern, which in turn calls...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: spi: Fixed a use-after-free of the addlock mutex Commit 6098475d4cb4 “spi: Fixed a deadlock when adding SPI controllers on SPI buses” introduced a per-controller mutex. However, the mutexunlock call for that lock occurs after the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fixed a possible memory leak if deviceadd fails. If deviceadd returns an error, the name allocated by devsetname needs to be freed. As noted in the comments for deviceadd, putdevice should be used to release the...

Astra Linux - уязвимость в linux-5.15

rpmsgvirtioaddctrldev in drivers/rpmsg/virtiorpmsgbus.c in the Linux kernel before 5.18.4 has a double free...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: clk: A memory leak was fixed in devmclknotifierregister. devmclknotifierregister allocates a device resource for the clk notifier, but it does not register that resource with the device. As a result, the notifier remains...

Astra Linux – Vulnerability in Linux 6.1

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: calipso: fixed a memory leak in netlblcalipsoaddpass If IPv6 support is disabled at boot ipv6.disable=1, the calipsoinit - netlblcalipsoopsregister function is not called, and the netlblcalipsoopsget function always returns NULL...

Astra Linux – Vulnerability in libssh2

A vulnerability was discovered in the function libssh2packetadd in libssh2 1.10.0, allowing attackers to access out-of-bound memory...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fixed the null-pointer dereference in pgtablecacheadd. kasprintf returns a pointer to dynamically allocated memory; this pointer may be NULL in case of failure. Ensure that the allocation was successful by checking th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Remove a drr class from the active list if it changes to strict. Whenever a user issues a ets qdisc change command, transforming a drr class into a strict one, the ets code does not check whether that class was in...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fixed the lifetime of fhidg relative to cdev The embedded struct cdev does not correctly tie its lifetime to the surrounding struct fhidg. As a result, there may be a use-after-free if /dev/hidgN is kept open...

EUVD-2026-26811

A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNoticeController.java of the component System Notice Handler. This manipulation of the argument...

CVE-2026-7677 kerwincui FastBee System Notice SysNoticeController.java add cross site scripting

A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNoticeController.java of the component System Notice Handler. This manipulation of the argument...

FastBee 跨站脚本漏洞

FastBee is an open-source IoT platform developed by FastBee in China. Versions of FastBee 1.2.1 and earlier contained a cross-site scripting vulnerability. This vulnerability originated from the function Add in the parameter handling of noticeContent within the System Notice Handler component,...

EUVD-2026-26798

A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be...

ksmbd: use check_add_overflow() to prevent u16 DACL size overflow

...