CVE-2026-57437

A flaw was found in Nokogiri, an XML and HTML library for Ruby. This vulnerability occurs when an application directly constructs an XPathContext and allows its associated document to be garbage collected while the context is still in use. An attacker could potentially exploit this by causing the...

EUVD-2026-31392

golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS...

GHSA-QPW4-5X99-6VJP golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...

CVE-2026-53018

A flaw was found in the Linux kernel's f2fs filesystem. During garbage collection, a race condition can occur when a page is moved and updated, but the system attempts to read it again from an outdated location. This can trigger a kernel bug, leading to a system crash and a denial of service DoS....

EUVD-2026-39428

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

CVE-2026-57435 Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...

EUVD-2026-38886

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fsmetaaops ino:2...

Important: Red Hat Security Advisory: python3.14 security, bug fix, and enhancement update

An update for python3.14 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

GHSA-M578-W5VF-RFCM Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback

Summary Oj::Parser in SAJ mode does not protect cached object keys ≥ 35 bytes from garbage collection. A Ruby callback that triggers GC inside hashend can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALUE results i...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the parsermark. An attacker can cause a segmentation fault and potentially crash the application by triggering garbage collection after assigning a custom class to arrayclass or hashclass and before parsing, leading to...

GHSA-VWM4-62GF-X745 Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking

Summary Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed...

GHSA-P67V-3W7G-WJG7 Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime

Summary Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could read invalid memory and potentially segfault. This is only reachable when application co...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: afunix: Initialize sccindex in unixaddedge. Quang Le reported that the AFUNIX GC could garbage-collect a receive queue of an alive in-flight socket, with a detailed repro. The repro consists of three stages. 1 Create a single...

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: A sanity check was added for the F2FSInlineDATA flag in the inode during garbage collection GC. The syzbot reports the following f2fs bug: ------------ Cut here ------------ Kernel BUG: At fs/f2fs/inline.c:258 CPU: 1 PID: 3...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the sanity check on summary information As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=216456 BUG: KASAN: use-after-free in recoverdata+0x63ae/0x6ae0 f2fs Read of size 4 at addr...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: afunix: Fixed the garbage collector’s race condition with connect The garbage collector does not consider the risk of an “embryo” being enqueued during garbage collection. If such an “embryo” has a peer that carries SCMRIGHTS, tw...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: Fixed an issue with overlapping expiration walks. The lazy garbage collection during insertion, which should remove entries when the timeout occurs, fails to properly release the remaining part of the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: keys: Fixed UAF in keyput Once a key’s reference count is reduced to 0, the garbage collector thread may destroy it at any time. Therefore, keyput is no longer allowed to access the key after that point. The only action that keyp...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: Wait for previous GC cycles when removing a port. The syzbot encountered a use-after-free issue1. This issue occurs because the bridge does not ensure that all previous garbage collection cycles are completed...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/afunix: Defer the garbage collection of registered files to iouring’s responsibility. Instead of having unixgc handle the registered files of iouring, we want iouring to handle them itself. The key here is to consider the...