Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: Initialize rcvmss before calling tcpsendactivereset in mptcpdofastclose. syzbot reported a divide-by-zero issue in tcpselectWindow for MPTCP sockets. 0 We had a similar issue with bare TCP and fixed it in commit 499350a5a6...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check the start of empty przs during initialization. After the commit 30696378f68a “pstore/ram: Do not treat empty buffers as valid”, initialization would assume that the prz was valid after determining that buffersiz...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ip6mr: Fixed the UAF issue in ip6mrskDone, where a invalid pointer access occurred when addrconfinitnet failed. If the initialization fails during the call to addrconfinitnet, devconfall is a pointer that has been released...

Astra Linux - уязвимость в libslirp

An invalid pointer initialization issue was discovered in the SLiRP networking implementation of QEMU. The flaw resides in the tftpinput function and can occur when processing an UDP packet that is smaller than the size of the ‘tftpt’ structure. This issue may lead to out-of-bounds read access or...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ARM: rockchip: fixed a kernel hang during SMP initialization To enable the secondary CPUs’ main CPU write trampoline code to SRAM, the trampoline code is written while the secondary CPUs are powered on at least this is true fo...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: l2tp: All race conditions in l2tptunnelregister have been fixed. The code within l2tptunnelregister is problematic in several ways: 1. It modifies the tunnel socket after it is published. 2. It calls setupudptunnelsock on an...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/hns: Fixed a NULL pointer issue in freemrinit. A lock grab occurs in a concurrent scenario, resulting in dereferencing a NULL pointer. This issue should be addressed by using initmutexinit before attempting to lock...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Handling of eagerly init vgic dist/redist during vgic creation If vgicallocateprivateirqslocked fails for any reason, we exit kvmvgiccreate early, leaving dist-rdregions uninitialized. Then, kvmvgicdistdestroy is...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: hns3 – Fixed a kernel crash that occurred when devlink reloaded during pf initialization. The devlink reloading process will access hardware resources, but the register operations are performed before the hardware is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Media: MediTech: vcodec – Fixed an oops when HEVC initialization fails. The stateless HEVC decoder saves the instance pointer in the context, regardless of whether the initialization succeeded or not. This caused a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: EDAC/mc: Fixed the error path ordering in edacmcalloc. When the mci-pvtinfo allocation in edacmcalloc fails, the error path will call putdevice, which will ultimately call the device’s release function. However, the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fixed the null pointer dereference issue. If SMU is disabled, during RAS initialization, there will be a null pointer dereference issue...

Astra Linux - уязвимость в sox

In SoX 14.4.2, there is an assertion failure in rateinit in rate.c in libsox.a...

Astra Linux – Vulnerability in opensc

The gemsafe GPK smart card software driver in OpenSC before version 0.21.0-rc1 has a stack-based buffer overflow in the scpkcs15emugemsafeGPKinit function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: The issue related to “slab-use-after-free” in inetlookupestablished has been fixed. The lookups in the ehash table are performed without locking, and they rely on SLABTYPESAFEBYRCU to ensure the stability of socket memory...

PT-2026-42057

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021654 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: free inode when ocfs2getinitinode fails syzbot is reporting busy inodes after unmount, for...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021607)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021607 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spinunlockirqrestore called with IRQs enabled Fix missuse of...

Linux Distros Unpatched Vulnerability : CVE-2026-43369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021528)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021528 advisory. In the Linux kernel, the following vulnerability has been resolved: 9p: set req refcount to zero to avoid uninitialized usage When a new request is allocated, the...