kernel: libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUGON in osdmapapplyincremental If the osdmap is maliciously corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the...

kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A local attacker with privileges on the host system could exploit a vulnerability in how KVM handles shadow page table entries SPTEs during memory-mapped I/O MMIO operations. By manipulating guest page table entrie...

CVE-2026-24425

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

CVE-2026-24425 Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via callback validation for the sort, filter, map, and reduce filters when sandboxing is enabled through SourcePolicyInterface. An attacker can...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: net: stmmac: fixed an issue where a left shift overflow occurred in the DMA queue. When the queue number is greater than 4, a left shift overflow occurs due to the 32-bit integer variable used in calculations. The mask...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The issue lies in ofparsephandlewithargsmap. In this function, the inner loop that iterates through the map entries calls ofnodeputnew to free the reference acquired during the previous iteration of the inner loop. This assumes...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Track xmit submissions to PTP WQ after populating the metadata map. Ensure that the skb is available in the metadata mapping to skbs before tracking the metadata index to detect undelivered CQEs. If the metadata ind...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Deferring the release of the inner map when necessary When updating or deleting an inner map in the map array or map htab, the map may still be accessed by non-sleepable programs or sleepable programs. However, bpfmapfdputpt...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/vmwgfx: Fixed the lifetime of the bo cursor memory. Cleanup operations can be performed while the atomic update is still active. This means that the memory acquired during the atomic update does not need to be invalidated ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: fix UAF in hugetlbhandleuserfault The vmalock and hugetlbfaultmutex are removed before handling userfault, and reacquired again after handleuserfault. However, reacquiring the vmalock could lead to a...

Astra Linux - уязвимость в firefox

The sourceMapURL feature in devtools lacked security checks, which would have prevented a webpage from attempting to include local files or other files that should be inaccessible. This vulnerability affects Firefox versions earlier than 99...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfsetpipapoavx2: fix initial map fill If the first field does not cover the entire start map, then we must zero out the remaining bits; otherwise, those bits will be leaked into the next matching round of the map. The...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/tests: shmem: Holding the reservation lock around vmap/vunmap operations Acquiring and releasing the reservation lock of the GEM object during vmap and vunmap operations. The tests used vmaplocked, which caused errors such...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: monaco: Reserve a full Gunyah metadata region. We have observed spurious “Synchronous External Abort” exceptions ESR=0x96000010 and kernel crashes on Monaco-based platforms. These faults occur due to the kernel...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed a chunk map leak in btrfsmapblock after btrfschunkmapnumcopies. Fixed a chunk map leak in btrfsmapblock: if we return early with -EINVAL, we are not freeing the chunk map that we just looked up...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: A reference count leak was fixed in snruncoremmiomap. pcigetdevice increases the reference count of the returned pcidev. Therefore, snruncoregetmcdev will return a pcidev with its reference count increased...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/lima: fixed a memory leak in limaheapalloc. When limavmmapbo fails, the resources need to be deallocated; otherwise, there will be memory leaks...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not drop the extentmap for the inode of free space during a write error. While running the CI for an unrelated change, I encountered the following panic: with generic/648 on btrfsholesspacecache. The assertion failed:...

Astra Linux - уязвимость в libjettison-java

It was discovered that Jettison before version 1.5.2 contained a stack overflow vulnerability through the map parameter. This vulnerability allows attackers to cause a Denial of Service DoS attack by using a specially crafted string...