Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check the control transfer buffer size before accessing it. If the first fragment is shorter than struct usb_cdc_notification, we cannot calculate the expected_size. Instead, log an error and discard the notification...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Memory issue: fsl_ifc – fixed the leak of private memory during probe failures. During probe errors, the driver should release the memory allocated for private structures. This issue was fixed by using resource-managed allocation...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: af9005: Fix null-ptr-deref in af9005_i2c_xfer. In af9005_i2c_xfer, msg is controlled by the user. When msg[i].buf is null and msg[i].len is zero, previous checks on msg[i].buf will still be performed. Malicious data will eventually...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: - net: 9p: fixed a refcount leak in error handling of p9_read_work. - p9_req_put must be called when m->rreq->rc.sdata is NULL to avoid a temporary refcount leak. Dominique: made changes to the commit message, fixed arguments for...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/gup: Fixed the FOLL_FORCE COW security issue and removed FOLL_COW. Since the Dirty COW (CVE-2016-5195) security issue occurred, we know that FOLL_FORCE can potentially be dangerous, especially if there are races that can be exploit...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: cfg80211: Values of NL80211_ATTR_TXQ_QUANTUM are restricted. syzbot can trigger soft lockups by setting NL80211_ATTR_TXQ_QUANTUM to 2^31. We had a similar issue in sch_fq, which was fixed in the commit d9e15a273306 "pkt_sched: f...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: In tcp, use refcount_inc_not_zero in tcp_twsk_unique. Anderson Nascimento reported a use-after-free issue in tcp_twsk_unique, with a detailed analysis. Since the commit ec94c2696f0b "tcp/dccp: avoid one atomic operation for timewait...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Fix for accessing an uninitialized lock in the fc replay path. The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with the fast-commit feature enabled: INFO: Trying to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fixed the potential deadlock issue. When some client process A calls pdr_add_lookup to add a lookup for the service and performs scheduling-related tasks, another process B receives a new server packet indicating th...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Do not use DSISR for SLB faults. Since commit 46ddcb3950a2 “powerpc/mm: Show if a bad page fault on data is read or write”, we use page_fault_is_write(regs->dsisr) in __bad_page_fault() to determine whether the fault is for a re...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not erase the value of ret in btrfs_validate_super. Commit 2a9bb78cfd36 “btrfs: validate the system chunk array in btrfs_validate_super” introduces a call to validate_sys_chunk_array in btrfs_validate_super, which erases the val...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: The kexec_buf structure was previously declared without initialization. The patch series “kexec: Fix invalid field access” addresses this issue. The kexec_buf structure was declared without being initialized. The comm...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: ptrace: Fixed SVE writes on !SME systems. When SVE is supported but SME is not supported, a ptrace write to the NT_ARM_SVE regset can place the tracee into an invalid state. In this state, non-streaming SVE register data i...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: virtio_net: Added a check for hash_key_length. A check for hash_key_length was added in virtnet_probe to avoid possible out-of-bounds errors when setting/reading the hash key...
Spring Cloud - Remote Code Execution
Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions are susceptible to remote code execution vulnerabilities. When using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and...
Exploit for Improper Authorization in Apache Tomcat
CVE-2026-43515 — Apache Tomcat Security Constraint Bypass...
Security update for azure-storage-azcopy
This update for azure-storage-azcopy fixes the following issues: Update to 10.32.4: CVE-2025-47907: database/sql: incorrect results returned from Rows.Scan (bsc#1247720). CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header...
SUSE-SU-2026:2466-1 Security update for azure-storage-azcopy
This update for azure-storage-azcopy fixes the following issues: Update to 10.32.4: - CVE-2025-47907: database/sql: incorrect results returned from Rows.Scan (bsc#1247720). - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
CVE-2026-56138
AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...