227 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fixed an Oops after disconnection in ni_usb. If the USB dongle is disconnected, subsequent calls to the driver will cause a NULL dereference Oops, as the bus_interface is set to NULL upon disconnection. This issue w...
CVE-2026-2604
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...
EulerOS Virtualization 2.10.0 : avahi (EulerOS-SA-2026-2042)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, ...
CVE-2026-48700
A flaw was found in PCManFM-Qt. This vulnerability allows an attacker to achieve arbitrary code execution or bypass network security restrictions. This occurs when a specially crafted file path, provided as a Uniform Resource Identifier (URI) in a D-Bus method call, causes PCManFM-Qt to open the fi...
CVE-2026-48700
An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fixed an Oops after disconnection in agilent USB. If the agilent USB dongle is disconnected, subsequent calls to the driver will cause a NULL dereference Oops, as the bus_interface is set to NULL upon disconnection...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: gswip_remove() should perform of_node_put(priv->ds->slave_mii_bus->dev.of_node) before calling mdiobus_free(priv->ds->slave_mii_bus...
CLSA-2026-1778773906 PackageKit: Fix of CVE-2026-41651
CVE-2026-41651: fix TOCTOU race on cached transaction flags that allowed unprivileged users to install arbitrary RPM packages as root via the PackageKit D-Bus interface, leading to local privilege escalation; reject re-invocation of action methods on transactions that have left the NEW state...
EUVD-2026-29921
The newly introduced RecordUsage D-Bus method (https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c) in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd...
CVE-2026-44931
CVE-2026-44931 affects malcontent-timerd. The newly added RecordUsage D-Bus method in libmalcontent-timer/child-timer-service.c (0.14.0) allows arbitrary system users to slowly exhaust disk space at /var/lib/malcontent-timerd. Metrics show local attack vector with no privileges required and no us...
CVE-2026-44931 malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API
The newly introduced RecordUsage D-Bus method (https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c) in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd...
CVE-2026-43375
In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...
EUVD-2026-27783
In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: initialise event handler read bytes IPMB doesn't use i2c reads, but the handler needs to set a value. Otherwise an i2c read will return an uninitialised value from the bus driver...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/msm/disp/dpu1: Set vbif hw config to NULL to avoid use after memory free during pm runtime resume. BUG: Unable to handle kernel paging requests at virtual address 006b6b6b6b6b6be3 Call trace: dpu_vbif_init_memtypes+0x40/0xb8...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Range checks for the CHDBOFF and ERDBOFF registers. If the values read from the CHDBOFF and ERDBOFF registers are outside the range of the MHI register space, an invalid address may be calculated, which can later...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device; this value can be any number between 0 and 255. To prevent out-of-bounds access, a...
CLSA-2026-1777633439 kernel: Fix of 142 CVEs
crypto: algif_aead - Fix minimum RX size check for decryption CVE-2026-31431 - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl CVE-2026-31431 - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec CVE-2026-31431 - crypto: authencesn - Fix src offset when...
CVE-2026-23291 nfc: pn533: properly drop the usb interface reference on disconnect
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was grabbed in the probe callback. Fix this up b...
Unity Linux 20.1060e / 20.1070e Security Update: udisks2 (UTSA-2026-006231)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006231 advisory. A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler...
PT-2026-25531
Your package manager's D-Bus interface is root-privileged, always-on, and crashes instantly if you whisper the wrong locale at it. CVE-2026-3836. CVSS 7.5. No auth required. The tool patching your system was the hole. Upgrade dnf5 now. https://t.co/scoaPCnClG...