CVE-2026-48510

CVE-2026-48510 affects MessagePack-CSharp (C#) prior to 2.5.301 and 3.1.7. When decompressing Lz4Block or Lz4BlockArray payloads, the library reads declared uncompressed lengths from the wire and allocates output buffers before validating the data, allowing a small payload to trigger a large allo...

kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs

A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...

kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs

A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: intelth: msu: Fix for vmalloced buffers After committing the change f5ff79fddf0e “dma-mapping: remove CONFIGDMAREMAP”, there is a possibility that DMA buffers may be allocated using vmalloc, which can affect the MMAP mapping code...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this by using the cifssgsetbuf helper function, which converts vmalloc’d...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: A possible memory leak has been fixed in the allocatebuffersinternal function. The buffer within the loop should be released under the exception path; otherwise, a memory leak may occur. To mitigate...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: forbid removing buffers when legacy fileio is active The vb2ioctlremovebufs call manipulates the internal buffer list of the queue. This may potentially overwrite pointers used by the legacy fileio interface...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/smc: fixed a warning in smcrxsplice, when calling getpage The smcloregisterdmb function allocates DMB buffers using kzalloc, which are later passed to getpage in smcrxsplice. Since kmalloc memory is not page-backed, this...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Media: Iris: Gen1 – Destroy internal buffers after the firmware release. After the firmware releases, the driver did not destroy the internal buffers. This led to stale allocations that were no longer needed, especially during...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: mt76: fixed the crash in monitor mode with the sdio driver. The mt7921s driver may receive frames with fragment buffers. If a CTS packet is received in monitor mode, the payload is only 10 bytes, and 6 bytes of header padding ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3D. Coherent surfaces make sense only if the host renders to them using accelerated APIs. Without 3D, all the content in dumb buffers remains on the guest, making all the addition...

nginx 1.13.10 < 1.30.3 / 1.31.x < 1.31.2 Buffer Overflow

The installed version of nginx is 1.13.10 prior to 1.30.3, or 1.31.x prior to 1.31.2. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

EUVD-2026-37718

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

PT-2026-50438

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source versions prior to 1.31.2-1.1 Description An issue exists in the ngx http proxy v2 module and ngx http grpc module modules. The problem occurs when the proxy http version is set to 2 ...

openssl: Use After Free with SSL_free_buffers

A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSLfreebuffers function may cause memory to be accessed that was previously freed in some situations...

CVE-2026-53704

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

SUSE SLES12 Security Update : gnutls (SUSE-SU-2026:2366-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2366-1 advisory. This update for gnutls fixes the following issues - CVE-2026-33845: buffers: switch from endoffset over to fraglength bsc1263704. -...