CVE-2026-9117

Summary: CVE-2026-9117 is a type confusion issue in the GFX stack of Google Chrome on Linux and ChromeOS before 148.0.7778.179. The vulnerability could allow a remote attacker who has already compromised the renderer process to potentially escape the Chrome sandbox via a crafted video file. Affec...

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: Integrity: Fixed memory leakage in the keyring allocation error path. Keys are allocated in the integrityinitkeyring function. However, if the keyring allocation fails, the allocated keys are not freed, resulting in memory lea...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Added a missing check for allocorderedworkqueue. Added a check on the return value of allocorderedworkqueue, as it may return a NULL pointer, leading to a NULL pointer dereferencing issue. Patch details:...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisysfs: Fixed an issue where the function deviceadd was called multiple times. The function deviceadd should not be called multiple times, as stated in its documentation: “Do not call this routine or deviceregister...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: mediatek: mt8173: Enable IRQ when pdata is ready If the device does not come directly from reset, we might receive an IRQ before we are ready to handle it. 2.334737 Unable to handle kernel read from unreadable memory at...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fixed a potential buffer overflow caused by snprintf. snprintf returns the potentially filled size when the string exceeds the given buffer size. Therefore, using this value may lead to a buffer overflow althoug...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: An error occurred in usbsubmiturb, causing the URB to be unanchored before it is processed by gsusbreceivebulkcallback. In commit 7352e1d5932a “can: gsusb: gsusbreceivebulkcallback: fix URB...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In mm/pagealloc, the value page-private is cleared during the freepagesprepare function. Several subsystems slub, shmem, ttm, etc. use page-private, but they do not clear it before freeing pages. When these pages are later...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: The blkallocextminor function fixes the issue where the maximum minor value is blkallocextminor. The idaallocrange... min, max,... function returns values ranging from min to max, including both endpoints. Therefore, NREXTDEVT is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: samsung: Fixed a refcount leak in ariesaudioprobe. The ofparsephandle function returns a node pointer with the refcount incremented. We should use ofnodeput on it when necessary. If extconfindedevbynode fails, it does not...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: The comedi module contains a race condition between polling and detaching the device. The syzbot report indicates a use-after-free in comedi. This occurs because comedi happily removes the allocated async area, even though poll...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ubi: ubicreatevolume: Fixed a use-after-free issue when volume creation failed. There is a use-after-free problem related to ‘ebatbl’ in the error handling code of ubicreatevolume. The relevant code is as follows:...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: jbd2: removed the incorrect sb-ssequence check. The emptiness of the journal is determined not by sb-ssequence == 0, but rather by sb-sstart == 0 which is set a few lines above. Moreover, 0 is a valid transaction ID, so the check...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fixed a use-after-free in pm8001queuecommand The commit e29c47fe8946 “scsi: pm8001: Simplified pm8001taskexec” includes refactoring efforts for pm8001queuecommand. However, this code introduces a potential cause of ...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: atm: Fix NULL pointer dereference When MPOAcacheimposrcvd receives the msg, it can trigger the Null Pointer Dereference Vulnerability if both entry and holdingtime are NULL. Because there is only for the situation where entry is...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Check the A-MSDU format more carefully. If it seems that there is another subframe within the A-MSDU, but the header is not fully present, we may end up reading data outside its expected range, which would then ne...

Astra Linux - уязвимость в linux-5.10, linux

A out-of-bounds read flaw was discovered in the Linux kernel’s TeleTYpe subsystem. The issue arises when a user triggers a race condition using ioctls TIOCSPTLCK, TIOCGPTPEER, TIOCSTI, and TCXONC, accompanied by memory leakage in the flushtoldisc function. This flaw allows a local user to crash t...

Astra Linux - уязвимость в linux

A NULL pointer dereference flaw was discovered in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem, regarding the way the user terminates the LR-WPAN connection. This flaw allows a local user to crash the system. The greatest threat posed by this vulnerability is to system...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module loading, a kthread is created that targets the pvr2contextthreadfunc function. This function may call pvr2contextdestroy, thereby calling kfree on the contex...