CVE-2026-8485

CVE-2026-8485 describes an Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation. Affected product: MOVEit Automation; vulnerable component/area is related to memory allocation in the server/runtime path. Impact: excessive memory allocation may occur, with availabili...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

kernel: scsi: qla2xxx: Fix improper freeing of purex item

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may return a...

Allocation of Resources Without Limits or Throttling

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via untrusted Twig template evaluation within the sandbox. An attacker can cause denial of service by supplying...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A issue was discovered in the Linux kernel through version 6.1-rc8. The function dpucrtcatomiccheck in the file drivers/gpu/drm/msm/disp/dpu1/dpucrtc.c lacks a check for the return value of kzalloc. This issue may lead to a NULL Pointer Dereference...

Astra Linux - уязвимость в linux, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fixed to return an error if attempting to allocate a snapshot fails. registersnapshottrigger function was fixed to return an error code if it fails to allocate a snapshot, instead of returning 0 success. Otherwis...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fixed a memory leak in mlx5eptpopen. When kvzallocnode or kvzalloc fails in mlx5eptpopen, the memory pointed to by “c” or “cparams” is not freed, which can lead to a memory leak. This issue has been fixed by freeing th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netpoll: Fixed a deadlock in memory allocation under spinlock. A deadlock occurred in the refillskbs function, where memory allocation while holding skbpool-lock could trigger a recursive lock acquisition attempt. This deadlock...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: afs: Fixed the delayed allocation of a cell’s anonymous key. The allocation of a cell’s anonymous key is performed in a background thread, along with other cell-related operations such as making DNS calls. In the reported bug, th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: SELinux: The use of both GFPKERNEL and GFPATOMIC in convertcontext was enabled. The following warnings were triggered in a hardware environment: SELinux: Converting 162 SID table entries… BUG: A sleeping function was called fr...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Staging: r8712: Fixed a memory leak in r8712initxmitpriv. In the aforementioned routine, memory is allocated in several places. If the first attempt succeeds but a later attempt fails, the routine will cause a memory leak. This...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: libwx: fixed a memory leak in wxsetuprxresources When wxallocpagepool fails in wxsetuprxresources, it does not release the DMA buffer. Adding dmafreecoherent in the error handling path is necessary to release the DMA buffer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list The struct sdcacontrol structure declares the “values” field as an integer array. However, the memory allocated for this field is actually a char array. This causes a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Unallocated resources are no longer allowed to be returned. In cases where the topology requests resources that have not been created by the system since they are typically not represented in dpumdsscfg, the resource...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handling deconfigured sockets When a socket is deconfigured, it is mapped to SOCKEMPTY 0xffff. This causes a panic during the allocation of UV hub info structures. This issue can be fixed by using NUMANONODE,...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed an warning in ext4updateinlinedata. Syzbot identified the following issue: EXT4-fs loop0: Mounted a filesystem with PID 5071 at file mm/pagealloc.c:5525 allocpages+0x30a/0x560. Quota mode: None. fscrypt:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed DMA mapping leaks During the reallocation of RX buffers, new DMA mappings are created for those buffers. Steps to reproduce the issue are as follows: While loop: Do For i=0; i=8160; i=i+32 Do ethtool -G enp130s0f0 ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: kunit: Executor: Fixed a memory leak in cases where kunitfiltertests fails. It is possible that memory allocation for the “filtered” data may fail, but the copy of the suite may still succeed. In such cases, the “copy” data might...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: Stop leaking data upon a failure of krealloc. Currently, when dmaresvgetfences fails, it will leak the previously allocated array if the fence iteration was restarted and kreallocarray failed. The old array must...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: vxlan: Fixed memory leaks in the error path. The memory allocated by vxlanvnigroupinit is not freed during the error path, leading to memory leaks 1. This issue was fixed by calling vxlanvnigroupuninit in the error path. The...