EUVD-2026-38908

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate bgbits during freefrag scan BUG A crafted filesystem can trigger an out-of-bounds bitmap walk when OCFS2IOCINFO is issued with OCFS2INFOFLNONCOHERENT. BUG: KASAN: use-after-free in instrumentatomicread...

EUVD-2026-38876

In the Linux kernel, the following vulnerability has been resolved: ice: fix race condition in TX timestamp ring cleanup Fix a race condition between icefreetxtstampring and icetxmap that can cause a NULL pointer dereference. icefreetxtstampring currently clears the ICETXFLAGSTXTIME flag after...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: Prevent an incorrect count for tracingcpumaskwrite. If a large count is provided, it will trigger a warning in bitmapparseuser. Also, check for zero in that case...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: A overflow issue was fixed in the bitmapipcreate function before the bitmap was widened. When firstip is 0, lastip is 0xFFFFFFFF, and the netmask is 31, the value of an arithmetic expression 2 netmask - maskbits...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: exfat: A memory leak has been fixed in exfatloadbitmap. If the first directory entry in the root directory is not a bitmap directory entry, the variable ‘bh’ will not be released and reassigned, which will cause a memory leak...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional checks have been added in niclear. The addition of a check for NTFSFLAGSLOGREPLAYING prevents access to the uninitialized bitmap during the replay process...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, deleting offscreen bitmaps caused gdi-drawing to point to freed memory, leading to UAF when related update packets arrived. A malicious server could trigger client-side use after the objects were freed,...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: Synchronized bitmapgetstats with the lifetime of the bitmap. After the commit with the code ec6bb299c7c3 “md/md-bitmap: add ‘syncsize’ into struct mdbitmapstats, a panic is reported: Oops: General Protection Fault,...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drivers/md/md-bitmap: Check the return value of mdbitmapgetcounter. Check the return value of mdbitmapgetcounter in case it returns a NULL pointer, which would lead to a null pointer dereferencing. v2: Updated the check to includ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: corrected the bitmaplimit value for clustermd when writing sb. In clustermd, separate write-intent-bitmaps are used for each cluster node: 0 4k 8k 12k...

Astra Linux – Vulnerability in htmldoc

A buffer under-reading issue based on stacks in the htmldoc before version 1.9.12 allows attackers to cause a denial of service by using a crafted BMP image with the imageloadbmp function...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to avoid using f2fsbugon in f2fsnewnodepage. As reported by Dipanjan Das , syzkaller discovered a bug in f2fs as follows: RIP: 0010:f2fsnewnodepage+0x19ac/0x1fc0 fs/f2fs/node.c:1295 Call Trace: writeallxattrs...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid allocating blocks from a group with a corrupted block bitmap in ext4mbtrybestfound. Determine whether the group block bitmap is corrupted before using acbex in ext4mbtrybestfound to prevent allocating blocks from a...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid dividing by 0 in mbupdateavgfragmentsize when the block bitmap is corrupted. The issue arises when the block bitmap is corrupted, and dividing by 0 may occur during this function. To mitigate this risk, it is necessar...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: iommufd/iovabitmap: Fixed a out-of-bounds situation in iovabitmapoffsettoindex. A UBSAN out-of-bounds issue was addressed in iovabitmapoffsettoindex, where shifting the constant “1” of type int by bitmap-mapped.pgshift a unsigned...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The issue with bitmap corruption when using CLOSERANGEUNSHARE in closerange has been fixed. The function copyfdbitmapsnew, old, count is expected to copy the first count/BITSPERLONG bits from old-fullfdsbits and fill the rest wit...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid allocating blocks from a corrupted group in ext4mbfindbygoal. The logic for checking whether the block bitmap of the group is corrupted is now placed under the protection of the group lock, thereby avoiding the...

Astra Linux – Vulnerability in openimageio

There are multiple denial-of-service vulnerabilities in the image output closing functionality of the OpenImageIO Project’s OpenImageIO v2.4.4.2. specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious inputs to exploit these...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: cxl: Fixed a memory leak in the error handling path. The bitmapzalloc function must be balanced with a corresponding bitmapfree function in the error handling path of afuallocateirqs...

Astra Linux – Vulnerability in poppler, poppler-22

Before version 25.04.0, crafted input files could cause out-of-bounds reads in the JBIG2Bitmap::combine function within JBIG2Stream.cc, due to an improperly placed isOk check...