ALPINE-CVE-2026-5950

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 throu...

USN-8284-1 gnutls28 vulnerabilities

Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remote attacker could possibly use this issue to obtain sensitive information, or cause a denial of service. CVE-2026-33845 Haruto Kimura, Oscar Reparaz, and Zou Dikai discovered th...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct page corresponding to a guest ASCE should be 0. When replacing the ASCE in s390replaceasce, the index of the new ASCE should also be set to 0. Having t...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linearpitchalignment even for VM Description Assign linearpitchalignment to prevent division by zero errors in VM environments...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fixed the initialization of the ID registers for non-protected pKVM guests. In protected mode, the hypervisor maintains a separate instance of the kvm structure for each VM. For non-protected VMs, this structure is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: phy: allowing MDIO bus PM operations to initiate/stop the state machine for phylink-controlled PHYs. DSA has two types of drivers: 1. Those that call dsaswitchsuspend and dsaswitchresume from their device’s PM operations:...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Disabling IBT when the hypercall page lacks the ENDBR instruction. On hardware that supports Indirect Branch Tracking IBT, Hyper-V VMs with ConfigVersion 9.3 or later support IBT in the guest. However, current version...

Astra Linux - уязвимость в qemu

A flaw was discovered in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can result in the callback being fired later, thereby causing a use-after-free when using the channel. This vulnerability can be exploited by a malicious...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in the guest XSAVE state whenever XFDi=1 When loading the guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear the XFD-disabled features in the saved or to be...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: VMCI: fixed a race condition between vmcihostsetupnotify and vmcictxunsetnotify. During our testing, it was found that a warning can occur in trygrabfolio. The detailed error message is as follows: ----------- Cut here ----------...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgicv2parseattr vgicv2parseattr is responsible for finding the vCPU that matches the user-provided CPUID, which may not be valid. If the ID is invalid, kvmgetvcpubyid returns NULL,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMSAVE/VMLOAD emulation. The commit cc3ed80ae69f states that “KVM: nSVM: always use vmcb01 for vmsave/vmload of guest state”. This commit ensured that KVM always used vmcb01 for the fields controll...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixed a panic issue by disabling preemption. In RISCV, we must use an AUIPC + JALR pair to encode an immediate jump, creating a jump to an address beyond 4K. This may cause errors if we want to enable kernel...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: hrtimers: Timers queued after CPUHPAPHRTIMERSDYING must be migrated away from the dying CPU to any online target. This is done to avoid delaying bandwidth timer handling tasks related to CPU hotplug progress. However, wakesup...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: The vmci transport packet must be cleared properly when initializing it. In vmcitransportpacketinit, memset is used to clear the vmcitransportpacket before populating the fields, to prevent any uninitialized data from...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fixed a data leak in the mmioread function. The mmioread function calls a TDVMCALL to retrieve MMIO data for a given address from the VMM. Sean noticed that mmioread inadvertently exposes the value of an initialized...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Forcibly leave nested virtualization mode when SMM state is toggled The nested virtualization mode is forcibly exited if the user space toggles the SMM state using KVMSETVCPUEVENTS or KVMSYNCX86EVENTS. If the user space...

Astra Linux - уязвимость в qemu

QEMU 5.0.0 has a use-after-free issue in the hw/usb/hcd-xhci.c file, as the return value of usbpacketmap is not checked...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only warnings are issued when overwriting a shadow-present SPTE, specifically when the operation is performed on direct MMUs. This adjustment applies only to MMUs that do not have shadowed gPTEs. While it’s impossib...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use arrayindexnospec with indices that come from the guest. min and destid are guest-controlled indices. Using arrayindexnospec after the bounds checks helps to mitigate speculative execution side-channels...