unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race

Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...

GHSA-6M57-8R3P-PQX6 unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race

Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...

PT-2026-45016

Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...

MAL-2026-4481 Malicious code in arc-diag-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95f08d97107d726a6ae90afbf8e354b84a7e13d4a236bc8766180a362cc8344c On npm install, the package's postinstall hook runs id to capture the installer's uid/gid/group identity and opens a raw TCP socket to...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: arc: fixed the device for dmamapsingle/dmaunmapsingle ndev-dev and pdev-dev are not the same device; use ndev-dev.parent, which has dmamask. ndev-dev.parent is simply pdev-dev. Otherwise, the following issue will occur:...

May 12, 2026—KB5087471 (Monthly Rollup)

May 12, 2026—KB5087471 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU only a...

May 12, 2026—Hotpatch KB5087423 (OS Build 26100.32772)

May 12, 2026—Hotpatch KB5087423 OS Build 26100.32772 This update applies to Windows Server 2025 Datacenter & Standard machines connected to Azure Arc. To learn more about differences between security updates, optional non-security preview updates, out-of-band OOB updates, and continuous innovatio...

May 12, 2026-Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 R2 (KB5087049)

May 12, 2026-Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 R2 KB5087049 Applies to: Microsoft .NET Framework 3.5 Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Window...

May 12, 2026—KB5087470 (Monthly Rollup)

May 12, 2026—KB5087470 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only are...

Astra Linux - уязвимость в rustc

In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::getmut method. This synchronization issue can be lead to memory safety issues through race conditions...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ARC: mm: fix leakage of memory allocated for PTE Since commit d9820ff "ARC: mm: switch pgtablet back to struct page " a memory leakage problem occurs. Memory allocated for page table entries not released during process terminatio...

Astra Linux - уязвимость в cairo

A issue was discovered in cairo 1.16.0. There is an infinite loop in the function arcerrornormalized in the file cairo-arc.c, which is related to arcmaxanglefortolerancenormalized...

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +4709 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=3.4.0 <=3.4.13)

org.springframework.boot:spring-boot MAVEN version =3.4.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.17.0, =1.17.0, =1.17.0, =0.0.1, =0.0.1, =0.25.7-rc.64, =0.25.7-rc.68 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +20270 more potentially affected by CVE-2026-40974 via org.springframework.boot:spring-boot-autoconfigure (>=3.0.0 <=3.5.13)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =3.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013785)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013785 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: arcuart: fix ofiomap leak in arcserialprobe Smatch reports:...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010788)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010788 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: arcuart: fix ofiomap leak in arcserialprobe Smatch reports:...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007452)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007452 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: arcuart: fix ofiomap leak in arcserialprobe Smatch reports:...

April 14, 2026—KB5082127 (Monthly Rollup)

April 14, 2026—KB5082127 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only ar...

April 14, 2026-Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 R2 (KB5082406)

April 14, 2026-Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 R2 KB5082406 Applies to: Microsoft .NET Framework 3.5 Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running...

April 14, 2026—KB5082126 (Monthly Rollup)

April 14, 2026—KB5082126 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU only...