Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed a deadlock in the tc route query code The cited commit caused a ABBA deadlock0 when peer flows were created while holding the devcom rw semaphore. Due to the peer flow offload implementation, the lock is taken...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: libfs: Fix for getstasheddentry. getstasheddentry attempts to retrieve a stashed dentry from a provided location in an optimistic manner. It needs to ensure that it holds a rcu lock before dereferencing the stashed location, to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ovpn: TCP – fix for extracting packets from the stream When processing TCP stream data in ovpntcprecv, we receive large cloned skbs from strprcv, which may contain multiple coalesced packets. The current implementation has two...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ublk: Clean up user copy references on the ublk server exit If a ublk server process releases a ublk character device file, any requests dispatched to the ublk server but not yet completed will retain a reference value of...

Astra Linux - уязвимость в tiff

LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in TIFFmemcpy in libtiff/tifunix.c:346, when called from extractImageSection, located at tools/tiffcrop.c:6860. This vulnerability allows attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fixed a use-after-free issue on the source server during inter-server copying. The use-after-free occurred when the laundromat attempted to free an expired cpntfstate entry from the s2scpstateids list after inter-server...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fixed a memory leak when insertoldidx failed. The following process may cause a memory leak for the copied znode: dirtycowznode zn = copyznodec, znode; err = insertoldidxc, zbr-lnum, zbr-offs; if unlikelyerr return...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Fixed a potential data race in nftexprtypeget. The function nftunregisterexpr can occur concurrently with nftexprtypeget. There is no protection when iterating over the nftablesexpressions list in...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In 64-bit versions of the Linux kernel, Copyfromuser does not implement uaccessbeginnospec, which allows a user to bypass the “accessok” check and pass a kernel pointer to copyfromuser. This would enable an attacker to leak sensitive information. We recommend upgrading beyond commit...

SUSE CVE-2025-5264

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11,...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-8279-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8279-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Cop...

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

Linux Distros Unpatched Vulnerability : CVE-2026-43330

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: caam - fix overflow on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocate...

Linux Distros Unpatched Vulnerability : CVE-2026-43358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: add missing RCU unlock in error path in tryreleasesubpageextentbuffer Call rcureadlock before exiting the loop in tryreleasesubpageextentbuffer because...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-8281-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8281-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...

Ubuntu 25.10 / Pro Realtime 24.04 LTS : Linux kernel vulnerabilities (USN-8277-1)

"The remote Ubuntu 25.10 / Pro Realtime 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8277-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is...

Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel vulnerabilities (USN-8278-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8278-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Cop...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-8280-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8280-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Cop...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021638)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021638 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block...

PT-2026-42125

Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions 1.19.1 through 1.25.0 Description A flaw in the DNSSEC validator allows for denial of service and potential remote code execution. The issue occurs during the deep copying of a data structure when DS sub-queries...