Astra Linux - vulnerability in ansible
A flaw was discovered in Ansible’s amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to exploit the issue, as the module handles the parameter insecurely, resulting in the password being leaked in the logs...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: dm: fixed a use-after-free in dm_cleanup_zoned_dev. dm_cleanup_zoned_dev uses a queue, so it must be called before blk_cleanup_disk starts its execution: blk_cleanup_disk->blk_cleanup_queue->kobject_put->blk_release_queue->...
Astra Linux - vulnerability in linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: The severity of the WARN message has been reduced to be sent via dev_dbg in the callback. The warning is triggered due to a known race condition, which is documented in the code above. This issue is now properly...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: hrtimers: Properly handle CPU state during hotplug events. Consider a scenario where a CPU transitions from CPUHP_ONLINE to CPUHP_HRTIMERS_PREPARE after a CPU is unplugged, and then back to CPUHP_ONLINE again. Since the...
Astra Linux - vulnerability in linux, linux-5.15, linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Media: i2c: et8ek8: Do not discard the remove function when the driver is built-in. Using __exit for the remove function results in the remove callback being discarded when CONFIG_VIDEO_ET8EK8=y. When such a device is unbound e.g.,...
Astra Linux - vulnerability in linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: media: xc2028: Avoid use-after-free in load_firmware_cb. Syzkaller reported a use-after-free in load_firmware_cb. The reason is that the module allocated a struct tuner in tuner_probe, and then the module initialization failed, causing...
Astra Linux - vulnerability in linux-5.15, linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: perf/smmuv3: Fixed the hotplug callback leak in arm_smmu_pmu_init. arm_smmu_pmu_init does not remove the callback added by cpuhp_setup_state_multi when platform_driver_register fails. The callback must be removed by cpuhp_remove_multi_state in...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fixed the memory leak of efivarfs_fs_info in situations where the fs_context is being initialized. When processing mount options, efivarfs allocates efivarfs_fs_info (sfi) early during the initialization of the fs_context...
Astra Linux - vulnerability in linux-5.15
In the Linux kernel, the following vulnerability has been resolved: media: davinci: vpif: fix use-after-free on driver unbind The driver allocates and registers two platform device structures during probe, but the devices were never deregistered on driver unbind. This results in a use-after-free ...
Astra Linux - vulnerability in linux-6.1, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevention of use after freeing gicv2m_get_fwnode. With ACPI enabled, the gicv2m_get_fwnode function is registered with the PCI subsystem as pci_msi_get_fwnode_cb. This function may be called during a PCI host bridge pro...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/connector: Only call HDMIaudiohelperpluggedcb if fn is not null. During driver removal, sound/soc/codecs/hdmicodec.c calls HDMIaudiohelperpluggedcb with NULL as the callback function and codecdev. As seen in its hdmiremove...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fixed an oops during rmmod on single-CPU platforms. During the removal of the idxd driver, a registered offline callback was invoked as part of the cleanup process. However, on systems with only one CPU online, n...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: perf/arm_dmc620: Fixed the hotplug callback leak in dmc620_pmu_init. The dmc620_pmu_init function does not remove the callback added by cpuhp_setup_state_multi when platform_driver_register fails. The callback must be removed by...
CVE-2026-4658
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...
CVE-2026-7518
A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amfnamfcallbackhandlesdmdatachangenotify of the file /namf-callback/v1/id/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The...
SUSE CVE-2026-31701
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in create_card. The caiaq driver stores a pointer to the parent USB device in cdev->chip.dev but never takes a reference on it. The card's private_free callback, snd_usb_caiaq_card_free, ca...
SUSE CVE-2026-31719
In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification. krb5enc_dispatch_decrypt sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this...
WordPress plugin Essential Blocks cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-43021
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails. When hci_cmd_sync_queue_once returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
CVE-2026-31756
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop. dwc2_gadget_exit_clock_gating internally calls call_gadget macro, which expects hsotg->lock to be held since it does spin_unlock/spin_lock around the gadget driver...