CVE-2026-53174

A flaw was found in the Linux kernel's overlay filesystem ovl component. Specifically, an issue in the ovliteratemerged function incorrectly stores an error pointer even after a successful cache operation. This can lead to the function returning a misleading non-zero error, potentially causing...

UBUNTU-CVE-2026-53174

In the Linux kernel, the following vulnerability has been resolved: ovl: keep err zero after successful ovlcacheget ovliteratemerged stores PTRERRcache in err before checking ISERRcache. On success err holds the truncated cache pointer and can be returned as a bogus non-zero error. The syzbot...

CVE-2026-53174

In the Linux kernel, the following vulnerability has been resolved: ovl: keep err zero after successful ovlcacheget ovliteratemerged stores PTRERRcache in err before checking ISERRcache. On success err holds the truncated cache pointer and can be returned as a bogus non-zero error. The syzbot...

CVE-2026-53174 ovl: keep err zero after successful ovl_cache_get()

In the Linux kernel, the following vulnerability has been resolved: ovl: keep err zero after successful ovlcacheget ovliteratemerged stores PTRERRcache in err before checking ISERRcache. On success err holds the truncated cache pointer and can be returned as a bogus non-zero error. The syzbot...

EUVD-2026-39265

In the Linux kernel, the following vulnerability has been resolved: ovl: keep err zero after successful ovlcacheget ovliteratemerged stores PTRERRcache in err before checking ISERRcache. On success err holds the truncated cache pointer and can be returned as a bogus non-zero error. The syzbot...

CVE-2026-53174

CVE-2026-53174 affects the Linux kernel overlay filesystem (ovl). The bug in ovl_iterate_merged() stores PTR_ERR(cache) in err before validating the cache with IS_ERR(cache), so on success err may hold a truncated cache pointer and be returned as a bogus non-zero error. The repro path goes throug...

CVE-2026-53174

In the Linux kernel, the following vulnerability has been resolved: ovl: keep err zero after successful ovlcacheget ovliteratemerged stores PTRERRcache in err before checking ISERRcache. On success err holds the truncated cache pointer and can be returned as a bogus non-zero error. The syzbot...

kernel: selinux: fix overlayfs mmap() and mprotect() access checks

A flaw was found in the Linux kernel's SELinux security module when handling overlayfs. The existing security model for overlayfs does not properly enforce access controls for mmap and mprotect operations. This oversight could allow a local attacker to bypass intended security policies, potential...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libheif vulnerabilities (USN-8454-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8454-1 advisory. Elhanan Haenel discovered that libheif incorrectly handled certain malformed HEIF sequence files...

Astra Linux – Vulnerability in docker.io

Moby is an open-source container framework developed by Docker Inc. It is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is...

Astra Linux – Vulnerability in Firefox and Thunderbird

An attacker could cause a select dropdown menu to be displayed over another tab; this could lead to user confusion and potential spoofing attacks. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/mxsfb: Disabling the overlay plane in mxsfbplaneoverlayatomicdisable When disabling the overlay plane in mxsfbplaneoverlayatomicupdate, the framebuffer pointer of the overlay plane is NULL. Therefore, dereferencing it would...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ovl: fixed the warning in ovlcreatereal Syzbot triggered the following warning in ovlworkdircreate - ovlcreatereal: if !err && WARNON!newdentry-d inode The reason is that the cgroup2 filesystem returns from mkdir without...

Astra Linux – Vulnerability in Firefox and Thunderbird

A malicious website that could create a popup might resize the popup to overlay the address bar with its own content, causing potential confusion for users or leading to spoofing attacks. This bug only affects Thunderbird for Linux. Other operating systems are unaffected.. This vulnerability...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: The fs subsystem should pass the ATGETATTRNOSEC flag to the getattr interface function. When the vfsgetattrnosec function calls the getattr interface of a file system, the nosec flag should be propagated into this function, so th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ovl: fixed null pointer dereference in ovlgetaclrcu The following processes are involved: P1 P2 pathopenat linkpathwalk maylookup inodepermissionrcu ovlpermission aclpermissioncheck checkacl getcachedaclrcu ovlget inodeacl...

Astra Linux – Vulnerability in Firefox, Thunderbird

Through the use of reportValidity and window.open, a plain-text validation message could be displayed on another origin, potentially causing confusion for users and allowing for spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

Astra Linux – Vulnerability in Firefox and Thunderbird

Due to a sequence of events controlled by the attacker, a JavaScript alert dialog with arbitrary although unstyled contents could be displayed over an uncontrolled web page of the attacker’s choice. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Issue: ofoverlay: Early call to callchangesetinit When ofoverlayfdtapply fails, the changeset may be partially applied. It is still expected that the caller will call ofoverlayremove to clean up this partial state. However,...

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ovl: Fixed a UAF Use-After-Free in ovldentryupdatereval by moving the dput function within ovllinkup. The issue arose because dputupper was called before ovldentryupdatereval, while upper-dflags was still accessed in...