Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel vulnerabilities (USN-8373-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8373-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as...

Ubuntu 24.04 LTS / 25.10 : Linux kernel vulnerabilities (USN-8371-1)

The remote Ubuntu 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8371-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirt...

Ubuntu 26.04 LTS : Linux kernel vulnerabilities (USN-8370-1)

The remote Ubuntu 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8370-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. ...

USN-8374-1 linux-aws-6.17, linux-gcp, linux-gcp-6.17 vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...

USN-8373-1 linux, linux-aws, linux-aws-6.8, linux-aws-fips, linux-azure, linux-fips, linux-gcp, linux-gcp-6.8, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-nvidia-tegra, linux-oracle, linux-oracle-6.8, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8 vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

Astra Linux - уязвимость в netcdf

A issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmlcharcontent attempts to use realloc on a block that has not been allocated, resulting in an invalid free operation and a segmentation fault...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an invalid free of JFSIPipimap-iimap in diUnmount syzbot detected an invalid-free in diUnmount: BUG: KASAN: double-free in slabfree mm/slub.c:3661 inline BUG: KASAN: double-free in kmemcachefree+0x71/0x110 mm/slub.c:36...

Astra Linux - уязвимость в aom

aomimage.c in libaom in AOMedia before 2021-04-07 releases memory that is not located in the heap...

Astra Linux - уязвимость в uriparser

A issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax...

Astra Linux - уязвимость в heimdal, samba

Before version 7.7.1, Heimdal allowed remote attackers to execute arbitrary code due to an invalid free operation in the ASN.1 codec used by the Key Distribution Center KDC...

Astra Linux - уязвимость в busybox

The decompressgunzip.c file in BusyBox contains an issue where version 1.32.1 improperly handles the error bit associated with the huftbuild result pointer. This results in an invalid free operation or segmentation fault due to malformed gzip data...

Astra Linux - уязвимость в linux

A issue was discovered in the drivers/accessibility/speakup/spkttyio.c file within the Linux kernel, as of version 5.9.9. Local attackers on systems with the speakup driver could exploit this to carry out a local denial-of-service attack, identified as CID-d41227544427. This issue arises due to a...

Astra Linux - уязвимость в uriparser

A issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013314)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013314 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFSIPipimap-iimap in diUnmount syzbot found an invalid-free in diUnmount...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006743)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006743 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFSIPipimap-iimap in diUnmount syzbot found an invalid-free in diUnmount...

EUVD-2025-208347

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dumprelocations returns early due to parsing errors, the internal allrelocations array may remain partially uninitialized...

CVE-2025-69651

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dumprelocations returns early due to parsing errors, the internal allrelocations array may remain partially uninitialized...

CVE-2025-69651

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dumprelocations returns early due to parsing errors, the internal allrelocations array may remain partially uninitialized...

CVE-2026-2574

A flaw was found in glib-networking. A malicious Transport Layer Security TLS server can exploit an out-of-bounds read and invalid free vulnerability when a client using the OpenSSL backend connects. By advertising a specially crafted client-CA list, the server can trigger an issue where memory i...

MiracleLinux 7 : firefox-102.10.0-1.0.1.el7.AXS7 (AXSA:2023-5303:17)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5303:17 advisory. MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp BZ2186102 Mozilla: Fullscreen notification obscured CVE-2023-29533 Mozilla: Potential Memory...