Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: fscrypt: fixed an underflow issue during left shift when inode->i_blkbits > PAGE_SHIFT. When simulating an nvme device on qemu with both logical_block_size and physical_block_size set to 8 KiB, an error trace appears during partition...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: A stack overflow issue was fixed when loading vlenb. The user-space load mechanism can place up to 2048 bits into the xlen bit stack buffer. Since we only need the xlen bits, we check the size of the buffer in advanc...
Astra Linux – Vulnerability in Firefox
An attacker could read 32 bits of values that were spilled onto the stack in a JIT-compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137...
Astra Linux – Vulnerability in p7zip
7-Zip 22.01 does not report an error for certain invalid xz files that involve stream flags and reserved bits. Some later versions are unaffected...
Astra Linux – Vulnerability in Firefox
When parsing internationalized domain names, the high bits of the characters in the URLs were sometimes removed, resulting in inconsistencies that could cause confusion for users or lead to attacks like phishing. This vulnerability affects Firefox versions earlier than 94...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clearing workbit to handle error conditions. During an error with the CLOSE_INSTANCE command, ctx_work_bits wasn’t cleared. Subsequently, dereferencing a NULL pointer in this context led to kernel panic. This patch...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs() must preserve subreg_def. Range propagation must not affect subreg_def marks. Otherwise, the following example is rewritten incorrectly by the verifier when the BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: checking the bounds of read/write syscalls. The count and offset parameters are passed from user space without being checked. Only the offset is capped at 40 bits, which can be used to read/write data beyond the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channel bits when all channels are found. If a USB audio device sets more bits than the number of channels it supports, it may write data outside of the map array...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hiding the first-in-list PCIe extended capabilities. There are cases where a PCIe extended capability should be hidden from the user. For example, an unknown capability, i.e., a capability with an ID greater than...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fs/9p: Only the RWX permissions are translated for the plain 9P2000. Garbage data is allowed to pass through the perm bits of the plain 9P2000, allowing it to set, among other things, the suid bit. This probably wasn’t the intend...
Astra Linux - Vulnerability in Golang-1.19
Extremely large RSA keys in certificate chains can cause clients and servers to spend significant CPU time verifying signatures. With this fix, the size of RSA keys transmitted during handshake operations is limited to 8192 bits or less. Based on a survey of publicly trusted RSA keys, there are...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: hfsplus: Verify the inode mode when loading from disk. syzbot reports that the S_IFMT bits of the inode->i_mode field can become invalid when the S_IFMT bits of the 16-bit “mode” field loaded from disk are corrupted. According to ...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nvmem: Fixed the shift-out-of-bound issue (UBSAN) when using cells with byte-sized bits. If a cell has “nbits” that is a multiple of BITS_PER_BYTE, the logic *p &= GENMASK((cell->nbits % BITS_PER_BYTE) - 1, 0); will result in undefined...
Linux Distros Unpatched Vulnerability : CVE-2026-43033
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption. When decrypting data that is not in-place (src != dst), there is no need to save...
CVE-2026-43033
A flaw was found in the Linux kernel's authencesn cryptographic module. When performing out-of-place decryption where source and destination data buffers are different, the system incorrectly handles high-order sequence bits. This leads to improper data rearrangement before hashing, which could...
CVE-2026-43033
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption. When decrypting data that is not in-place (src != dst), there is no need to save the high-order sequence bits in dst as it could simply be re-copied...
EUVD-2026-26632
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption. When decrypting data that is not in-place (src != dst), there is no need to save the high-order sequence bits in dst as it could simply be re-copied...
CVE-2026-31710 smb: client: fix dir separator in SMB1 UNIX mounts
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts. When calling cifs_mount_get_tcon() with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_flags needs to be read or updated only after calling reset_cifs_unix_caps(), otherwise it might end up with missing...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the crypto authencesn module failing to save the high sequence bits in dst when decrypting out-of-place,...