Linux Distros Unpatched Vulnerability : CVE-2026-53036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instructi...

EUVD-2026-38837

In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...

CVE-2026-53036 bpf, arm64: Fix off-by-one in check_imm signed range check

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: BPF: Do not use tnumrange for array range checking when dealing with poke descriptors. Hsin-Wei reported a KASAN issue triggered by their BPF runtime fuzzer, which is based on a customized syzkaller: - BUG: KASAN: Out-of-bound...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmsmac – added a gain range check to wlcPhyiqcalgainparamsnphy. In wlcPhyiqcalgainparamsnphy, add a gain range check to WARN, instead of potentially unsafe access to the tbliqcalgainparamsnphy array. This fix has been...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The lock-range check for files with equal size is skipped, to avoid underflow when size == 0. When size equals the current isize including 0, the code that calls checklockrangefilp, isize, size - 1, WRITE will compute size...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: added a range check for connrspepid in htcconnectservice. I have identified the following bugs in my fuzzer: UBSAN: Array index out of bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 Index 255 is out of range...

CVE-2026-46303

In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rockcontinue reads rs-contextent verbatim from the Rock Ridge CE record and passes it to sbbread without checking that the block number is within the mounted I...

PT-2026-46902

Name of the Vulnerable Software and Affected Versions Graphite versions prior to 1.3.15 Description An integer underflow occurs via Graphite actions because the slotat function fails to ensure that an offset remains within the allowed slot-map range, leading to an out-of-bounds write...

EUVD-2026-32883

In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In ext4, the “set goal start” operation is performed correctly in ext4mbnormalizerequest. We need to set acgex to notify the goal start used in ext4mbfindbygoal. Set acgex instead of acfex in ext4mbnormalizerequest. Additionally,...

CVE-2026-43110

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmffwehhandleifevent validates the firmware-provided interface index before it touches drvr-iflist, but it still uses the raw bsscfgidx field as an array index without a...

EUVD-2026-26629

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix regsafe for pointers to packet In case rold-reg-range == BEYONDPKTEND && rcur-reg-range == N regsafe may return true which may lead to current state with valid packet range not being explored. Fix the bug...

GHSA-W5HQ-G745-H8PQ uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Summary The v3, v5, and v6 API methods not uuid release versions accept external output buffers but do not reject out-of-range writes small buf or large offset. By contrast, v4, v1, and v7 API methods explicitly throw RangeError on invalid bounds. This inconsistency allows silent partial writes...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013188)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013188 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4mbnormalizerequest We need to set acgex to notify the goal...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013194)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013194 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN...

EUVD-2026-21609

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...

CVE-2026-40198

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...

CVE-2026-5466

wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...

UBUNTU-CVE-2026-5466

wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...