Astra Linux - уязвимость в openimageio

There is an information disclosure vulnerability in the DPXOutput::close function of the OpenImageIO Project, specifically in OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to the leakage of heap data. An attacker can provide malicious input to trigger this vulnerability...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fixed double-release of the compute pasid. If kfdprocessdeviceinitvm returns an error after the vm is converted to a compute vm and vm-pasid is set to compute pasid, KFD will not take the pdd-drmfile reference. As a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: octeonep: Fixed the issue where the host would hang during device reboot. When the host loses heartbeat messages from the device, the driver calls the device-specific ndostop function, which frees the resources. If the driver is...

Astra Linux - уязвимость в xrdp

xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. Version 0.9.21 and earlier of xrdp contains a buffer overflow vulnerability in the xrdpmmtransprocessdrdynvcchannelclose function. There are no known solutions to thi...

Astra Linux - уязвимость в linux-5.15, linux-6.1, linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: TLS: Fix for race conditions between async notify and socket close The thread that submitted the request the one that called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete. Any code after that point...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bonding: The device was stopped in bondsetupbyslave. The commit 9eed321cde22 "net: lapbether: only support Ethernet devices" was able to keep syzbot away from net/lapb until today. In the following issue 1, a lapbether device...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mac80211: Fixed a deadlock issue in AP/VLAN handling. Syzbot reports that when APVLAN interfaces are active, closing the AP interface they belong to can lead to a deadlock. This isn’t surprising—since we use devclose to handle...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: venus: Fixed the issue where a use-after-free occurred in vdecclose. There seems to be a potential use-after-free when calling vdecclose. The firmware will add the buffer release operation to the work queue through HFI...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed a race condition between element replacement and close. The element replacement with a socket that is different from the one stored may race with the close operation, where the link of the socket is popped...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed an oops due to uninitialized variables in smb2unlink. If SMB2openinit or SMB2closeinit fails e.g., due to reconnection, the iovs structure @rqst may remain uninitialized. As a result, calling SMB2openfree,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf/core: The handling of buffer mapping fails correctly in perfmmap. After a buffer is successfully allocated or an existing buffer is successfully attached, perfmmap attempts to map the buffer into the page table in read-only...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: A use-after-free issue was fixed in ksmbdsessionrpcopen. A UAF Use-After-Free issue may occur due to a race condition between ksmbdsessionrpcopen and sessionrpcclose. Adding a rpclock to the session can help protect it...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: libceph: fixed a race condition between delayedwork and cephmoncstop The way delayed work is handled in cephmoncstop is prone to races with monfault, and possibly also finishhunting. Both of these can requeue the delayed work,...

Astra Linux - уязвимость в nodejs

A memory leak could occur when a remote peer abruptly closes the socket without sending a “GOAWAY” notification. Additionally, if an invalid header is detected by nghttp2, causing the connection to be terminated by the peer, the same memory leak will be triggered. This flaw could lead to increase...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Avoid using sksocket after free when sending messages. The sk-sksocket is not locked or referenced in the backlog thread. During the call to skbsendsock, there is a race condition involving the release of sksocket...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Fixed a use-after-free in printgraphfunctionflags during tracer switching. Kairui reported a UAF issue in printgraphfunctionflags during ftrace stress testing 1. This issue can be reproduced by putting a “mdelay10”...

Linux Distros Unpatched Vulnerability : CVE-2026-45185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021602)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021602 advisory. In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bondsetupbyslave Commit 9eed321cde22 net: lapbether: only support...

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

GHSA-58QX-3VCG-4XPX ws: Uninitialized memory disclosure

Impact The websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. Proof of concept js import deepStrictEqual from 'node:assert'; import WebSocket, WebSocketServer from 'ws'; const wss = new WebSocketServer port: 0,...