Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Allow ext4getgroupinfo to fail. Previously, ext4getgroupinfo would treat an invalid group number as a BUG, since this should theoretically never happen. However, if a malicious attacker modifies the superblock via the block...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: jfs: Check whether leafidx is greater than the number of leaves per dmap tree. syzbot reported an out-of-bounds error in dbSplit. This occurs when dmtleafidx is greater than the number of leaves per dmap tree. A check for...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: NFSv4: Fixed an error in pnfsmarkrequestcommit, when performing ODIRECT operations. Fixed an error-prone condition in pnfsmarkrequestcommit, when adding a set of write operations to the commit list in order to reschedule them...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm, thp: Bail out early for writeback pages in collapsefile Currently, collapsefile does not explicitly check PGwriteback. Instead, pagehasprivate and trytoreleasepage are used to filter writeback pages. This approach does not wo...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - net: 9p: fixed a refcount leak in error handling of p9readwork. - p9reqput must be called when m-rreq-rc.sdata is NULL to avoid a temporary refcount leak. Dominique: made changes to the commit message, fixed arguments for...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: jfs: Truncating good inode pages when the hard link is 0 The value of the fileset for the inode copy from the disk by the reproducer is AGGRRESERVEDI. When the evict function is executed, its hard link number is 0, so its inode...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: The xid leak in cifscopyfilerange has been fixed. If the file is used by swap, before returning -EOPNOTSUPP, the xid should be freed. Otherwise, the xid will be leaked...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfsmatchclient If the TLS security policy is of type RPCXPRTSECTLSX509, then the certserial and privkeyserial fields also need to match, as they define the client’s identity, as presented ...

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image can lead to a out-of-bounds read in ntfsrunlistsmergei in NTFS-3G 2021.8.22...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Fixed a slab-use-after-free issue caused by a dangling pointer dqipriv. When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses the syscall to call ocfs2getnextid...

Astra Linux – Vulnerability in WebKit2GTK

The issue was resolved by improving access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, and visionOS 2.3. A maliciously crafted webpage may be able to obtain user fingerprints...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Fixed a deadlock involving nfsreleasefolio Wang Zhaolong reported a deadlock involving NFSv4.1 state recovery, waiting on kthreadd, which attempts to reclaim memory by calling nfsreleasefolio. The latter cannot proceed due t...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: jfs: Fixed a UAF in dbFreeBits Reported by syzbot ERROR: KASAN: Use of a slab object after free in mutexlockcommon, kernel/locking/mutex.c:587 inline ERROR: KASAN: Use of a slab object after free in mutexlock+0xfe/0xd70,...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: cifs: Fixed a UAF in cifsdemultiplexthread There is a UAF when performing xfstests on cifs: BUG: KASAN: Use-after-free in smb2isnetworknamedeleted+0x27/0x160 Reading a size 4 value at address ffff88810103fc08 by task cifsd/923...

Astra Linux – Vulnerability in cifs-utils

It was discovered that cifs-utils’ mount.cifs function invoked a shell when requesting the Samba password, which could be exploited to inject arbitrary commands. An attacker who had special permissions, such as those through sudo rules, could use this vulnerability to escalate their privileges...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: jfs: Fixed an out-of-bounds issue in dbNextAG and diAlloc. In dbNextAG, there was no check for the case where bmp-dbnumag is greater than or equal to MAXAG due to a corrupted image, which could lead to an out-of-bounds...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: fs/jfs: Added validation for dbmaxag and dbagpref. Both dbmaxag and dbagpref are used as indexes for the dbagfree array. However, there is currently no validation for these values, which can lead to errors. The following is a...

CVE-2026-12460

An insufficient policy enforcement flaw was found in the File System Access component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517484284...

SUSE CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

Siemens RuggedCom Rox Out-of-bounds Read (CVE-2019-14197)

An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfsreadreply. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...