CVE-2026-48778 Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Mark the bpf prog stack with kmsanunpoisonmemory in interpreter mode. syzbot reported uninitialized memory usage during maplookup,deleteelem. ========== BUG: KMSAN: uninitvalue in devmaplookupelem kernel/bpf/devmap.c:441...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: SCTP: Set skstate back to CLOSED if autobind fails in sctplistenstart. In sctplistenstart called by sctpinetlisten, it should set skstate back to CLOSED if sctpautobind fails for any reason. Otherwise, the next time...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Networks: Ethernet; mtkethsoc: fixed the issue of PPE hanging. A patch to resolve this issue was found in MediaTek’s GPL-licensed SDK. In the mtkppestop function, the PPE scan mode is not disabled before disabling the PPE. This...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fixed the use of VAS memory after freeing it. The reference count on the memory module is lowered before the coprocessor is detached...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: Fixed a potential race condition in fib6 Droppcpufrom. syzbot detected a race condition in fib6 Droppcpufrom 1. If the compiler reads the value more than once ppcpurt, the second reading might result in NULL, especially ...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: meson: axg-card: fixed “use-after-free” issue The buffer “card-dailink” is reallocated in “mesoncardreallocatelinks”. Therefore, the initialization of the “pad” pointer should be moved after this function, when the memor...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

A denial-of-service vulnerability was discovered in tipccryptokeyrevoke in the net/tipc/crypto.c file within the TIPC subsystem of the Linux kernel. This flaw allows guests with local user privileges to trigger a deadlock and potentially cause the system to crash...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

Closing an event channel in the Linux kernel can lead to a deadlock. This occurs when the closure operation is performed in parallel with an unrelated Xen console action, and the handling of a Xen console interrupt occurs in a unprivileged guest. The closure of an event channel is triggered, for...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

A vulnerability was reported in the Open vSwitch sub-component of the Linux kernel. The flaw occurs when a recursive operation of the code push calls into the code block recursively. The OVS module does not validate the stack depth, causing too many frames to be pushed onto the stack, leading to ...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A null pointer dereference flaw was discovered in the hugetlbfsfillsuper function within the Linux kernel’s hugetlbfs Huge TLB pages functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV-ES intra-host migration if vCPU creation is in progress Migrations of SEV-ES states are rejected if either the source or destination VM is actively creating a vCPU. This occurs when the kvmvmioctlcreatevcpu...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Fixed a NULL pointer dereference in ‘niwrite inode’. Syzbot identified the following issue: Unable to handle a NULL pointer dereference at the virtual address 0000000000000016. Memory abort information: ESR =...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: rejecting negative ifindex values Recent changes in net-next commit 759ab1edb56c refactored the handling of pre-assigned ifindex values. This led to a latent issue in ovs. ovs does not validate ifindex values,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: PCI: Free releases resources after coalescing. The releaseresource function does not actually free the resource or the resource list. To avoid a leak, the resource list entry is freed instead...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: icmp6: Fixed the null-ptr-deref of ip6nullentry-rt6iidev in icmp6dev. With some IPv6 Ext Hdr RPL, SRv6, etc., we can send a packet that has the link-local address as src and dst IP, and it will be forwarded to an external IP in t...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously, the cp2112 driver called INITDELAYEDWORK within cp2112 gpioirqstartup, resulting in duplicate initializations of the workqueue during subsequent IRQ starts after an...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: added a bounds check in the putuser loop for DSP events. In the DSP event handling code, the putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it may overwrite data beyond t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: The page extent mapping was set after the readfolio operation in relocateonepage. One of the CI runs triggered the following panic: Assertion failed: PagePrivatepage && page-private, in fs/btrfs/subpage.c:229 ----------...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: um: time-travel: fix time corruption In the “basic” time-travel mode without =inf-cpu or =ext, we still encounter timer interrupts. These can occur at arbitrary times, for example, while inside the timerread function, which simpl...