EUVD-2026-39297

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds check for firmware runtime memory Validate that the firmware runtime memory specified in the image header is properly aligned and sized to hold the firmware image. This prevents errors during memory...

EUVD-2026-38936

In the Linux kernel, the following vulnerability has been resolved: drm/komeda: fix integer overflow in AFBC framebuffer size check The AFBC framebuffer size validation calculates the minimum required buffer size by adding the AFBC payload size to the framebuffer offset. This addition is performe...

CVE-2026-53068

The CVE-2026-53068 issue concerns the Linux kernel’s DRM Komeda driver: AFBC framebuffer size validation could overflow when computing the minimum required size as framebuffer offset plus AFBC payload. The root cause is an addition performed without overflow checks, potentially permitting an unde...

CVE-2026-3195

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed a NULL pointer dereferencing in amdgpugmcfilterfaultsremove. On APUs such as Raven and Renoir GC 9.1.0, 9.2.2, 9.3.0, the ih1 and ih2 interrupt ring buffers are not initialized. This is by design, as these...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A shift-out-of-bounds condition has been fixed due to an overly large exponent of the block size. If the slogblocksize field in the superblock data is corrupted and too large, initnilfs and loadnilfs may still trigger a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validating UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified to ensure that their sizes match the declared lengths, and that they fit within the allocated buffer sizes as well...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of the screen before memsetio In the function s3fbsetpar, the value of ‘screensize’ is calculated based on user input. If the user provides an incorrect value, the value of ‘screensize’ may be...

Astra Linux – Vulnerability in xwayland, xorg-server

A flaw was discovered in the Big Requests extension. The length of the request is multiplied by 4 before checking against the maximum allowed size, which may lead to an integer overflow and bypassing the size check...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: nfc: nci: Fixed an uninitialized value in ncidevup and ncintfpacket. syzbot reported the following uninitialized value access issue 12: The ncirxwork function parses and processes received packets. When the payload length is...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: A stack overflow issue was fixed when loading vlenb. The user-space load mechanism can place up to 2048 bits into the xlen bit stack buffer. Since we only need the xlen bits, we check the size of the buffer in advanc...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: added input size checking in procwritesimdisk A malicious user could potentially enter an arbitrarily bad value into memdupusernul, which might cause the kernel to crash. This follows the same pattern as the patc...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a slab out-of-bounds write in smbinheritdacl. The slab out-of-bounds write occurs because the offsets are larger than the allocation size of pntsd. This patch adds a check to validate the three offsets using the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: transportipc: Validate the payload size before reading the handle. The handleresponse function dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed o...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Added a rough attrallocsize check...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The validation of the request buffer size was added in smb2allocaterspbuf. The response buffer should be allocated in smb2allocaterspbuf before validation of the request. However, fields within the payload as well as the...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbAllocAG Syzbot identified a crash issue: UBSAN: shift-out-of-bounds in dbAllocAG. The underlying bug lies in the lack of a check on bmp-dbagl2size. This field can be larger than 64, leading t...

EUVD-2026-37753

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in RTI Connext Professional Web Integration Service allows Filter Failure through Buffer Overflow.This issue affects Connext Professional: from 7.4.0 before 7., from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1...

CVE-2026-7300 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in RTI Connext Professional Web Integration Service allows Filter Failure through Buffer Overflow.This issue affects Connext Professional: from 7.4.0 before 7., from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1...

ROS-20260610-73-0032

The vulnerability in Thunderbird relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...