Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Added a null pointer check to attrloadrunsvcn Some metadata files are processed before the MFT. This requires adding a null pointer check for certain corner cases that could lead to NPD when reading these metadata...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/Mellanox: mlxbf-pmc – added sysfsattrinit to countClock init. The lock-related debugging logic CONFIGLOCKSTAT in the kernel issues the following warning when the BlueField-3 SOC is booted: BUG: The key ffff00008a3402a8 h...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fixed an infinite loop in attrloadrunsrange when there are inconsistencies in metadata. We have identified a bug in the ntfs3 file system that can lead to a Denial-of-Service DoS attack. A malformed NTFS image can caus...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fixed a reference leak in the GID entry when the createah operation fails. If the AH create request fails, the sgidattr should be released to avoid a reference leak during the release of the GID table...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTRLIST We have identified a bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed NTFS image can cause an infinite loop when the ATTRLI...

@2nova/wu-ui (>=1.1.0 <=1.3.12), @action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5) +1678 more potentially affected by unknown CVE via @antv/attr (>=0.0.7 <=0.3.5)

@antv/attr NPM version =0.0.7, =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =0.1.0, =0.5.0-alpha.0, =0.1.0, =0.5.0-alpha.0, =0.5.0-alpha.0, =0.1.0, =0.1.0, =0.1.0, =0.5.0-alpha.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3852...

Malicious code in @antv/attr (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017697)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017697 advisory. A heap-based buffer over-read in H5Oattrdecode in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5...

SUSE CVE-2025-71289

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attrsetsize errors when truncating files If attrsetsize fails while truncating down, the error is silently ignored and the inode may be left in an inconsistent state...

CVE-2025-71289

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attrsetsize errors when truncating files If attrsetsize fails while truncating down, the error is silently ignored and the inode may be left in an inconsistent state...

CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attrsetsize errors when truncating files If attrsetsize fails while truncating down, the error is silently ignored and the inode may be left in an inconsistent state...

CVE-2025-71289

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attrsetsize errors when truncating files If attrsetsize fails while truncating down, the error is silently ignored and the inode may be left in an inconsistent state...

CVE-2025-71289

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attrsetsize errors when truncating files If attrsetsize fails while truncating down, the error is silently ignored and the inode may be left in an inconsistent state...

CVE-2026-43153

CVE-2026-43153 affects the Linux kernel’s XFS attribute handling: the function xfs_attr_leaf_hasname has an problematic calling convention that can mishandle buffers. The fix is to open-code xfs_attr_leaf_hasname in callers so each caller of xfs_attr3_leaf_read manages buffer release. The issue i...

PT-2026-37454

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the fs/ntfs3 component where errors occurring during the attr set size function call are silently ignored when truncating files down. This can lead to the inode being...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ntfs3 file system’s failure to handle the attrsetsize function error when truncating files,...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fixed a potential memory leak in paprgetattr. The buffer is allocated in paprgetattr, and the krealloc call for buf could fail. In the event of a failure, we need to free the original buf...

Astra Linux - уязвимость в linux, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Check the validation of faultattrs in f2fsbuildfaultattr. It failed to check the validation of faultattrs in parseoptions. We will fix this by adding a check condition in f2fsbuildfaultattr. Also, use f2fsbuildfaultattr ...

Astra Linux - уязвимость в linux-5.15

A flaw in the NULL Pointer Dereference mechanism within the Linux kernel’s NTFS3 driver function attrpunchhole was identified. A local user could exploit this flaw to crash the system...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: The inode is marked as “bad” as soon as an error is detected using the mienumattr function. The interface of the miEnumAttr function was extended by adding an additional parameter, struct ntfsinode ni. This allows the...