DEBIAN-CVE-2026-53284

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...

CVE-2026-53284

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...

EUVD-2026-38990

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit When using the flushoncommit mount option, we can have a deadlock between a transaction commit and a reflink operation that copied an inline exte...

Insufficient Verification of Data Authenticity

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webhook.php process. An attacker can manipulate wallet balances and gain unauthorized access to premium...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables – Do not compare internal table flags during updates. If a table update does not modify the flags, skip the transaction...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Firewire: Core – Fixing a race condition with the transaction list The list of transactions is enumerated without acquiring the card lock when processing the AR response event. This causes a race condition bug when processing the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed a warning that occurs when performing a transaction with qgroups enabled after an abort. If we encounter an abort of a transaction with qgroups enabled, a warning is triggered during the final operation to put the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle the deactivation of DBCs when the owner leaves. When a DBC is released, the device sends a QAICTRANSDEACTIVATEFROMDEV transaction to the host via the QAICCONTROL MHI channel. QAIC handles this by calling...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Do not set the encryption key during the jbd2 transaction. A commit labeled “a80f7fcf1867” “ext4: fixup ext4fctrack functions’ signature” extended the scope of the transaction in ext4unlink too far, causing it to include a...

Astra Linux – Vulnerability in Consul

HashiCorp Consul and Consul Enterprise 1.10.1: The TXN.Apply endpoint allows for the registration of proxies for other services, enabling access to service traffic. This feature was fixed in versions 1.8.15, 1.9.9, and 1.10.2...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a use-after-free after failing to create a snapshot. In ioctl.c’s createsnapshot function, we allocate a pending snapshot structure and then attach it to the transaction’s list of pending snapshots. After that, we ca...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: The reloc control parameter is not set if the transaction commit fails in preparetorelocate. In btrfsrelocateblockgroup, the rc parameter is allocated. Then, btrfsrelocateblockgroup calls relocateblockgroup, which calls...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed an assertion failure that occurred when splitting an ordered extent after a transaction abort. If a direct IO write transaction abort occurs, we mark all existing ordered extents with the BTRFSORDEREDIOERR flag done...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: AppArmor: A memory leak has been fixed in multitransactionnew. In multitransactionnew, the variable t is not freed or passed away after a failure in the copyfromusert-data, buf, size operation. This could lead to a memory leak...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: The backend for setting up DEAD bits was changed to use the GC transaction API. The old and buggy gc API and the busy mark approach have been replaced with the GC transaction API. No set elements are remov...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: slimbus: Messaging: The transaction ID is not freed in a delayed interrupt scenario. In cases where an interrupt is delayed for any reason, the slimdotransfer function returns a timeout error, but the transaction ID TID is not...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Unconditionally flushes pending work before the notifier syzbot reports: KASAN: Slab-uaf in nftctxupdate, include/net/netfilter/nftables.h: 1831 KASAN: Slab-uaf in nftcommitrelease,...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fixed DIO failure due to insufficient transaction credits The code in ocfs2dioendiowrite estimates the number of transaction credits required using ocfs2calcextendcredits. However, this does not take into account that the ...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: cxgb4: Avoid accessing registers when clearing filters. A hardware register that contains the server TID base can contain invalid values when the adapter is in a faulty state for example, due to an AER fatal error. Reading these...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Binder: Fixed a UAF in bindersnetlinkreport. Oneway transactions sent to frozen targets via bindersproctransaction return an BRTRANSACTIONPENDINGFROZEN error, but they are still treated as successful since the target is expected ...