CVE-2026-42534 Jostle logic bypass degrades resolution performance

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potentia...

CVE-2026-41292

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: pmdomain: arm: Fixed NULL dereference upon removal of scmiperfdomain When the scmiperfdomain module was unloaded, a segmentation fault occurred. In the test system provided to the system under test, the power-domain-cells...

Astra Linux - уязвимость в firefox

When using the Performance API, attackers were able to detect subtle differences between PerformanceEntries, thereby determining whether the target URL had undergone a redirect. This vulnerability affects Firefox 103...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/paprscm: Do not request stats with a stats buffer of size “0”. Sachin reported 1 that on a POWER-10 lpar, he is encountering a kernel panic when the paprscm probe is called. The panic occurs as follows, and it only occurs...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: idpf: converting workqueues to unbound mode When a workqueue is created with WQUNBOUND, its work items are served by special worker-pools, whose host workers are not bound to any specific CPU. In the default configuration i.e.,...

Astra Linux - уязвимость в firefox, thunderbird

A violation of the same-origin policy could have allowed the theft of cross-origin URL entries, leading to the leakage of the results of a redirect, through the use of performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...

Astra Linux - уязвимость в firefox

The Performance API did not properly hide the fact that whether a request to a cross-origin resource has observed redirects. This vulnerability affects Firefox versions less than 100...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom-hw: A memory leak has been fixed in qcomcpufreqhwreadlut. If qcomcpufreqhwreadlut fails to obtain the operation table, the program will terminate, resulting in the “table” resource not being released...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Stop the active performance monitor before destroying it. Upon closing the file descriptor, the active performance monitor is not stopped. Although all performance monitors are destroyed in vc4perfmonclosefile, the point...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/core: Always clear status for idx The variable status which contains the unhandled overflow bits is not being properly masked in some cases, resulting in the following warning: WARNING: CPU: 156 PID: 475601 at...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/hns: Fixed the issue where the CPU got stuck due to printouts during reset. During reset, commands to destroy resources such as qp, cq, and mr may fail, and error logs will be printed. When a large number of resources are...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmuctx-pmu for groups. Oliver reported that the x86pmudel function actually performed an out-of-bound memory access when groupschedin failed and needed to be rolled back. This issue should be handled by the...

Astra Linux - уязвимость в chromium

Inappropriate implementations of performance APIs in Google Chrome prior to version 89.0.4389.72 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fixed a system hang caused by CPU-clock usage. CPU-clock usage by the async-profiler tool can trigger a system hang. This issue was fixed in the commit made by Octavia Togami: 18dbcbfabfff “perf: Fixed the POLLHUP...

Astra Linux - уязвимость в edk2

The BootPerformanceTable pointer is retrieved from an NVRAM variable within PEI. It is recommended that the PcdFirmwarePerformanceDataTableS3Support be set to FALSE...

Astra Linux - уязвимость в bind9

In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of the BIND Supported Preview Edition, as well as release version 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploiting broken authoritative servers using a flaw in response...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86: Move the event pointer setup earlier in x86pmuenable A production AMD EPYC system crashed due to a NULL pointer dereference in the PMU NMI handler: BUG: NULL pointer dereference in the kernel, address: 0000000000000198...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context. TX/RX callback handlers ntbnetdevtxhandler, ntbnetdevrxhandler can be called in interrupt context via the DMA framework after the respective DMA operations are completed...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fixed a potential division-by-zero error in emcomputecosts. When the device is of a non-CPU type, tablei.performance will not be initialized in the previous eminitperformance. This results in a division by zero when...