
3876 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: avoid struct memcpy overrun warning. A previous patch addressed the fortified memcpy warning for most builds, but I still encounter this issue with gcc-9: In the file included from include/linux/string.h:254, from...

5.5 CVSS, 6.1 AI score, 0.00125 EPSS
Exploits 0, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 8 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: x86/hyperv: Fixed a NULL dereferencing in set_hv_tscchange_cb if the Hyper-V setup fails. Checked for a valid hv_vp_index array before dereferencing hv_vp_index when setting Hyper-V’s TSC change callback. If Hyper-V setup fails in...

5.5 CVSS, 6 AI score, 0.00235 EPSS
Exploits 0, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource. EXPORT_SYMBOL and __init are a poor combination, as the .init.text section is freed after initialization. As a result, modules cannot use symbols annotated with __init...

5.5 CVSS, 5.5 AI score, 0.00259 EPSS
Exploits 0, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 8 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Drivers: hv: vmbus: Disabled the option to deactivate sysctl_record_panic_msg by default in isolated guests. hv_panic_page might contain information sensitive to guests; do not dump this information to Hyper-V by default in isolate...

5.5 CVSS, 6.1 AI score, 0.00258 EPSS
Exploits 0, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability in hdf5

A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempt to parse a crafted HDF file. This occurs due to incorrect protection against division by zero. This could allow a remote denial-of-service attack...

6.5 CVSS, 7 AI score, 0.01972 EPSS
Exploits 1, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Fixed a hang that occurred in the kdump kernel when running on Hyper-V Gen 2 VMs. Hyper-V Gen 2 VMs boot via EFI and have a standard EFI framebuffer device. When the kdump kernel runs in such a VM, loading the...

5.5 CVSS, 5.7 AI score, 0.00152 EPSS
Exploits 0, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fixed potential crashes during module unloading. The vmbus driver relies on the panic notifier infrastructure to perform certain operations when a panic event is detected. Since vmbus can be built as a module,...

5.5 CVSS, 5.6 AI score, 0.00235 EPSS
Exploits 0, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Do not dereference the ACPI root object handle. Since the commit referenced in the Fixes section below the VMBus client driver is walking through the ACPI namespace, starting from the VMBus ACPI device up to th...

5.5 CVSS, 6.2 AI score, 0.00182 EPSS
Exploits 0, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/hyperv: Fixed an address space leak when the Hyper-V DRM device is removed. When a Hyper-V DRM device is probed, the driver allocates MMIO space for the vram and maps it as cacheable. If the device is removed, or if the devic...

5.5 CVSS, 5.8 AI score, 0.00155 EPSS
Exploits 0, References 2

Qualys Blog
added 2026/05/01 11:59 p.m., 9 views

Handling the Vulnerability Surge in the Post-Mythos Era

How to Operationalize Hyper-Prioritization and Autonomous Remediation with Qualys. Executive Summary: The Mythos era, defined by a surge of AI-driven vulnerabilities from frontier models like Anthropic's Claude Mythos, requires security teams to fundamentally move from manual to an autonomous...

5.9 AI score
Exploits 0

Exploit DB
added 2026/04/30 12:00 a.m., 59 views

Windows 11 25H2 - Heap Overflow

Exploit Title: Windows 11 25H2 - Heap Overflow Ghost Patch Exploit Framework Date: 2026-02-13 Exploit Author: nu11secur1ty Vendor Homepage: https://www.microsoft.com Software Link: https://www.microsoft.com/software-download/windows11 Version: Windows 11 25H2 Build 26200.7830 Vulnerable Tested on...

7.3 CVSS, 5.2 AI score, 0.01243 EPSS
Exploits 1

Tenable Nessus
added 2026/04/22 12:00 a.m., 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013790)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013790 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Fix crash due to uninitialized current_vmcs. KVM enables 'Enlightened VMCS' and...

5.6 AI score, 0.0016 EPSS
Exploits 0, References 4

Rapid7 Blog
added 2026/04/21 2:38 p.m., 11 views

Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained

Overview For executive leadership, the emergence of Kyber ransomware represents a significant and immediate threat due to its specialized, dual-platform deployment capability targeting mission-critical virtualization infrastructure VMware ESXi and core Windows file systems. This cross-platform...

6.1 AI score
Exploits 0

Tenable Nessus
added 2026/04/21 12:00 a.m., 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010829)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010829 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Fix crash due to uninitialized current_vmcs. KVM enables 'Enlightened VMCS' and...

5.6 AI score, 0.0016 EPSS
Exploits 0, References 4

Tenable Nessus
added 2026/04/16 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33414

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in...

7.8 CVSS, 6.1 AI score, 0.0051 EPSS
Exploits 0, References 3

RedhatCVE
added 2026/04/15 7:23 p.m., 2 views

CVE-2026-32149

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally...

7.3 CVSS, 5.9 AI score, 0.00317 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/04/15 7:23 p.m., 4 views

CVE-2026-26156

Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally...

7.8 CVSS, 6.2 AI score, 0.00411 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/04/15 6:11 p.m., 3 views

CVE-2026-33414

A flaw was found in Podman, a tool for managing containers. This vulnerability, located in the HyperV machine backend, allows for command injection. An attacker who can manipulate the virtual machine (VM) image path can inject and execute arbitrary PowerShell commands. This could lead to unauthoriz...

8.8 CVSS, 6.3 AI score, 0.0051 EPSS
Exploits 0, References 5

UbuntuCve
added 2026/04/14 11:16 p.m., 5 views

CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

7.8 CVSS, 6 AI score, 0.0051 EPSS
Exploits 0, References 3

ATTACKERKB
added 2026/04/14 10:42 p.m., 2 views

CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

7.1 CVSS, 6.1 AI score, 0.0051 EPSS
Exploits 0, References 3, Affected Software 1