Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtasflash: allows user copy to flash block cache objects With hardened usercopy enabled CONFIGHARDENEDUSERCOPY=y, using the /proc/powerpc/rtas/firmwareupdate interface to prepare a system firmware update results in a BUG:...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the issue of not checking the atomicwrite status in f2fs ioctl interfaces. Some f2fs ioctl interfaces, such as f2fsiocsetpinfile, f2fsmovefilerange, and f2fsdefragmentrange, failed to check the atomicwrite status, whi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Error checking for inftlreadoob has been added. In INFTLfindwriteunit, the return value of inftlreadoob needs to be checked. A proper implementation can be found in INFTLdeleteblock. The status will be set to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fixed an issue that covered the reserve,releasecompressblocks function with the cprwsem lock. This fix is necessary to avoid race conditions with the checkpoint mechanism. Otherwise, filesystem metadata, including...

Astra Linux - Vulnerability in linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly restricted format strings where the dynamic parts consist only of hex numbers or similar values. However, there are a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: The return value of f2fsrecoverfsyncdata has been fixed. With the following scripts, a panic will occur in f2fs: bash mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 /mnt/f2fs/foo f2fsio fsy...

CVE-2026-31715

A flaw was found in the Linux kernel's Flash-Friendly File System f2fs. A use-after-free vulnerability exists due to incorrect handling of page counts during concurrent write operations and unmounting. This can lead to a NULL pointer dereference, causing the system to panic and resulting in a...

CVE-2026-31714

A flaw was found in the Linux kernel's F2FS Flash-Friendly File System component. This vulnerability, a memory leak, occurs within the f2fsrename function. A local attacker could exploit this by repeatedly performing file rename operations, leading to a gradual consumption of system memory. Over...

CVE-2026-31702

A flaw was found in the Linux kernel's F2FS Flash-Friendly File System component. A use-after-free vulnerability exists in the f2fscompresswriteendio function. This flaw is caused by a race condition during the compressed writeback completion path, where the system attempts to access memory that...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper memory release in the fscryptsetupfilename function within f2fsrename. This could le...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007000)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007000 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/rtasflash: allow user copy to flash block cache objects With hardened usercopy enabled...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013330)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013330 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/rtasflash: allow user copy to flash block cache objects With hardened usercopy enabled...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007485)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007485 advisory. In the Linux kernel, the following vulnerability has been resolved: mtd: maps: pxa2xx-flash: fix memory leak in probe Free 'info' upon remapping error to avoid a...

ROS-20260414-73-0061

A vulnerability in the f2fsdecompresscluster function of the fs/f2fs/compress.c module of the F2FS file system of the Linux kernel is related to insufficient resource locking. Exploitation of the vulnerability may allow an intruder to affect the integrity and availability of protected information...

Vulnerability Detection with Interprocedural Context in Multiple Languages: Assessing Effectiveness and Cost of Modern LLMs

Large Language Models LLMs have been a promising way for automated vulnerability detection. However, most prior studies have explored the use of LLMs to detect vulnerabilities only within single functions, disregarding those related to interprocedural dependencies. These studies overlook...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006714)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006714 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/rtasflash: allow user copy to flash block cache objects With hardened usercopy enabled...

CVE-2026-23434

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device lock. On controllers that implement SETFEATURES via multiple low-lev...

CVE-2026-4346

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

EUVD-2026-16452

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

CVE-2026-4346

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...