USN-8262-1: Lua vulnerability

It was discovered that the Lua parser incorrectly handled garbage collection when processing specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

USN-8262-1 lua5.1 vulnerability

It was discovered that the Lua parser incorrectly handled garbage collection when processing specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

Astra Linux - уязвимость в firefox

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: afunix: Give up GC if MSGPEEK intervened. Igor Ushakov reported that GC purged the receive queue of an alive socket due to a race with MSGPEEK with a nice repro. This is the exact same issue previously fixed by commit cbcf01128d0...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: revisit gc autotuning As of commit 4608fdfc07e1, this issue has been addressed. “netfilter: conntrack: collect all entries in one cycle” The behavior related to conntrack’s garbage collection has been change...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: Fixed issues where stuck flows occurred during cleanup due to pending work. To clear the flow table when it becomes free, the following sequence typically occurs: 1 The gcstep operation is stopped to disable...

Astra Linux - уязвимость в firefox

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

JLSEC-2026-330

A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FLblkgclist of the file src/H5FL.c. The manipulation of the argument H5FLblkheadt leads to use after free. An attack has to be approached locally. The exploit has been disclosed...

DEBIAN-CVE-2026-31577

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL iassocinode dereference in nilfsmdtsavetoshadowmap The DAT inode's btree node cache iassocinode is initialized lazily during btree operations. However, nilfsmdtsavetoshadowmap assumes iassocinode is already...

CVE-2026-31577

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL iassocinode dereference in nilfsmdtsavetoshadowmap The DAT inode's btree node cache iassocinode is initialized lazily during btree operations. However, nilfsmdtsavetoshadowmap assumes iassocinode is already...

EUVD-2026-25470

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL iassocinode dereference in nilfsmdtsavetoshadowmap The DAT inode's btree node cache iassocinode is initialized lazily during btree operations. However, nilfsmdtsavetoshadowmap assumes iassocinode is already...

CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL iassocinode dereference in nilfsmdtsavetoshadowmap The DAT inode's btree node cache iassocinode is initialized lazily during btree operations. However, nilfsmdtsavetoshadowmap assumes iassocinode is already...

CVE-2026-31577

CVE-2026-31577 affects the Linux kernel nilfs2 filesystem. The vulnerability is a NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map during GC if NILFS_IOCTL_CLEAN_SEGMENTS is invoked immediately after mount, before any btree operation on the DAT inode. The root cause is i_assoc_inode...

CVE-2026-31577

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL iassocinode dereference in nilfsmdtsavetoshadowmap The DAT inode's btree node cache iassocinode is initialized lazily during btree operations. However, nilfsmdtsavetoshadowmap assumes iassocinode is already...

PT-2026-34929

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the nilfs2 component within the nilfs mdt save to shadow map function. The btree node cache i assoc inode of the DAT inode is initialized lazily duri...

CVE-2026-40886

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

CVE-2026-31455

A flaw was found in the Linux kernel's XFS file system. During the unmount process, the system attempts to flush data while background cleanup and inode garbage collection inodegc operations are still active. This improper synchronization can lead to data integrity issues or system instability, a...

EUVD-2026-24794

In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...

CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount

In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013782)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013782 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: skip end interval element from gc rbtree lazy gc on insert might collect...