EUVD-2026-39839

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter defreservedsize defines the default buffer size reserved for each Sgfd and should be restricted to a range between 0 and 1,048,576 see...

CVE-2026-55699

CVE-2026-55699 affects pnpm. Prior to versions 10.34.2 and 11.5.3, manifest bin object keys such as "", ".", and ".." could bypass the bin-name guard. In a scenario where a malicious global package is installed, downstream global remove/update/add-replacement flows could re-derive those names and...

CVE-2026-55699 pnpm: reserved bin name deletes PNPM_HOME during global remove

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...

K000161911: Node.js vulnerability CVE-2026-48936

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority CNA. This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. CVE-2026-48936 Impact There is no impact; F5 products are not affected by this...

CVE-2020-9713

CVE-2020-9713 is an out-of-bounds read (CWE-125) in Adobe Acrobat and Reader. Affected are versions including 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier. The vulnerability could disclose sensitive memory and requires user interaction (vi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm – Requesting a reserved interrupt for the virtual function The device interrupt vector 3 is an error interrupt for physical functions, and it is also a reserved interrupt for virtual functions. However, the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPUVARESERVEDTRAPSIZE to 64KB Currently, AMDGPUVARESERVEDTRAPSIZE is hardcoded to 8KB, while KFDCWSRTBATMASIZE is defined as 2 PAGESIZE. On systems with 4K pages, both values match 8KB, so allocation and...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: A overflow issue was identified in IOMMUTESTOPADDRESERVED. syzkaller discovered that this could lead to an overflow in the test infrastructure and cause a WARN message by corrupting the reserved interval tree...

Astra Linux – Vulnerability in p7zip

7-Zip 22.01 does not report an error for certain invalid xz files that involve stream flags and reserved bits. Some later versions are unaffected...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: HID: core: Ensure that the allocated report buffer can contain the reserved report ID. When the report ID is not used, the low-level transport drivers expect the first byte to be 0. However, currently, the allocated buffer does n...

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 “arm: extend pfnvalid to take into account freed memory map alignment” changes the semantics of pfnvalid to check the presence ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for the usmmigrateexecqueue. The GuC context scheduling queue contains 2 entries. Therefore, it is possible for a migration job to get stuck behind a fault if the migrateexecqueue shares...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: vmxnet3: Fixed the missing reserved tailroom. Use rbi-len instead of rcd-len for non-data-carrying packets. Issues found: XDPWARN: xdpupdateframefrombuffline:278: Driver BUG: missing reserved tailroom WARNING: CPU: 0 PID: 0 at...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: NVMe: Fixed the failure in reconnection due to reserved tag allocation. We identified an issue in a production environment while using NVMe over RDMA. The reconnection of adminq failed indefinitely, even when the remote target an...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: All fields within the struct nexthopgrp structure must be initialized. The struct nexthopgrp contains two reserved fields that are not initialized by nlaputnhgroup, and these fields contain garbage values. This can ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k – Do not allow overwriting of ENDPOINT0 attributes A malicious USB device can construct a service connection response message with the target endpoint being ENDPOINT0, which is reserved for HTCCTRLRSVDSVC and should n...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm,hugetlb: Take the hugetlblock before decrementing h-resvhugepages. The h-hugepages counters are protected by the hugetlblock, but allochugepage has a corner-case scenario where it can decrement the counter outside of the lock...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: Add a check for reserved GDT blocks We have identified a NULL pointer issue when resizing a corrupted ext4 image that has recently had the resize inode feature disabled without running e2fsck. This issue can be reproduced b...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixing inode number range checks The patch series “nilfs2: Fixing potential issues related to reserved inodes” addresses these issues. This series fixes a use-after-free issue reported by syzbot, which was caused by th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: EFI: In runtime mode, a potential overflow of the size of the soft-reserved region has been fixed. If there are pages worth ≥ 4GB in a soft-reserved region, the value of mdsize will be reduced...