CVE-2026-48700

A flaw was found in PCManFM-Qt. This vulnerability allows an attacker to achieve arbitrary code execution or bypass network security restrictions. This occurs when a specially crafted file path, provided as a Uniform Resource Identifier URI in a D-Bus method call, causes PCManFM-Qt to open the fi...

CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fixed an Oops after disconnection in niusb. If the USB dongle is disconnected, subsequent calls to the driver will cause a NULL dereference Oops, as the businterface is set to NULL upon disconnection. This issue w...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiqgswip: The operation gswipremove should perform the ofnodeputpriv-ds-slavemiibus-dev.ofnode before calling mdiobusfreepriv-ds-slavemiibus...

CLSA-2026-1778773906 PackageKit: Fix of CVE-2026-41651

CVE-2026-41651: fix TOCTOU race on cached transaction flags that allowed unprivileged users to install arbitrary RPM packages as root via the PackageKit D-Bus interface, leading to local privilege escalation; reject re-invocation of action methods on transactions that have left the NEW state...

EUVD-2026-29921

The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd...

CVE-2026-44931 malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API

The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd...

CVE-2026-44931

CVE-2026-44931 affects malcontent-timerd. The newly added RecordUsage D-Bus method in libmalcontent-timer/child-timer-service.c (0.14.0) allows arbitrary system users to slowly exhaust disk space at /var/lib/malcontent-timerd. Metrics show local attack vector with no privileges required and no us...

CVE-2026-43375

In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...

EUVD-2026-27783

In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: initialise event handler read bytes IPMB doesn't use i2c reads, but the handler needs to set a value. Otherwise an i2c read will return an uninitialised value from the bus driver...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fixed an Oops after disconnection in agilent USB. If the agilent USB dongle is disconnected, subsequent calls to the driver will cause a NULL dereference Oops, as the businterface is set to NULL upon disconnection...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Range check CHDBOFF and ERDBOFF If the value read from the CHDBOFF and ERDBOFF registers is outside the range of the MHI register space then an invalid address might be computed which later causes a kernel panic...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: drm/msm/disp/dpu1: Set vbif hw config to NULL to avoid use after memory free during pm runtime resume BUG: Unable to handle kernel paging requests at virtual address 006b6b6b6b6b6be3 Call trace: dpuvbifinitmemtypes+0x40/0xb8...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Fixed a race condition between unprepare and queuebuf. A client driver may use mhiunpreparefromtransfer to quiesce incoming data during the client driver’s tear-down process. The client driver might also be...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: PCI: kirin: Fix for buffer overflow in kirinpcieparseport Within kirinpcieparseport, the value of pcie-numslots is compared to pcie-gpioidreset size MAXPCISLOTS, which is incorrect and could lead to a buffer overflow. Therefore,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...

CLSA-2026-1777633439 kernel: Fix of 142 CVEs

crypto: algifaead - Fix minimum RX size check for decryption CVE-2026-31431 - crypto: afalg - Fix page reassignment overflow in afalgpulltsgl CVE-2026-31431 - crypto: authencesn - reject too-short AAD assoclen8 to match ESP/ESN spec CVE-2026-31431 - crypto: authencesn - Fix src offset when...

CVE-2026-23291 nfc: pn533: properly drop the usb interface reference on disconnect

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was grabbed in the probe callback. Fix this up b...

Unity Linux 20.1060e / 20.1070e Security Update: udisks2 (UTSA-2026-006231)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006231 advisory. A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler...

PT-2026-25531

Your package manager's D-Bus interface is root-privileged, always-on, and crashes instantly if you whisper the wrong locale at it. CVE-2026-3836. CVSS 7.5. No auth required. The tool patching your system was the hole. Upgrade dnf5 now. https://t.co/scoaPCnClG...