1070 matches found
CVE-2026-53292
The CVE concerns the Linux kernel phonet code path where pn_socket_autobind() could trigger a kernel BUG_ON() when a failed bind returns -EINVAL but pn_port() remains 0. The root cause is that pn_socket_bind() could return -EINVAL when sk->sk_state is not TCP_CLOSE even if the socket was never...
CVE-2026-55693
Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...
CVE-2026-57452 Vim: Out-of-bounds Read with libsodium-encrypted Files
Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...
CVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handling
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fixed a crash that occurred when removing a device. When removing a netfront device immediately after a suspend/resume cycle, it is possible that the queues have not been re-established, resulting in a crash during...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection, as a cycle in the process could lead to a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also iterates through the maps via t...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedidbgdonotrecovercmdread function directly invokes sprintf on a user pointer, resulting in a crash. To fix this issue, use a small local stack buffer for sprintf, and...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: media: i2c: tc358743: Fixed a crash that occurred in the probe error path when using polling. If an error occurs in the probe function, we should remove the polling timer that was alarmed earlier. Otherwise, the timer is calle...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: eir: Fixed possible crashes when using eircreateadvdata. eircreateadvdata may attempt to add EIRFLAGS and EIRTXPOWER without checking whether those values are compatible with the structure...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: connac: Do not check WED status for non-MMIO devices WED is only supported for MMIO devices. Therefore, do not check it for USB or SDIO devices. This patch fixes the crash reported below: 21.946627 wlp0s3u1i3:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: XArray: Fixed the issue with xascreaterange when a multi-index entry is present. If there is already an entry present that is of order = XACHUNKSHIFT when we call xascreaterange, xascreaterange will misinterpret that entry as a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ice: Fixed a crash by retaining the old configuration when updating Traffic Classes beyond the allocated queues. There are issues when the number of allocated queues is less than the number of Traffic Classes. The commit...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: Reinitialize the delayed ref list after deleting it from the list. In the insertdelayedref function, if we need to update the action of an existing ref to BTRFSDROPDELAYEDREF, we delete the ref from its refhead’s refaddlis...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: md/md-bitmap: corrected incorrect usage of sbindex The commit d7038f951828 "md-bitmap: do not use -index for pages backing the bitmap file" removed page-index from the bitmap code. However, incorrect code logic was retained fo...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed a crash that occurred due to out-of-bounds access to reg2btfids. When the commit e6ac2450d6de “bpf: Support bpf programs that call kernel functions” added support for kfunc, it defined reg2btfids as a convenient way...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/sva: Fixed a crash in iommusvaunbinddevice domain-mm-iommumm can be freed by iommudomainfree: iommudomainfree mmdrop mmdrop mmpasiddrop After iommudomainfree returns, accessing domain-mm-iommumm may dereference a freed mm...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mr: Consolidate the ipmrcanfreetable checks. Guoyu Yin reported a crash in the ipmr netns cleanup path: WARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmrfreetable net/ipv4/ipmr.c:440 inline WARNING: CPU: 2 PID: 14564 at...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the block layer, care should be taken when checking for NULL bdev during polling. Wei reported a crash in an application that uses polled I/O: PGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0 Oops: 0000 1 SMP CPU: 0 PID: 21915...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize objevent-objsublist before xainsert. The objevent may be loaded immediately after being inserted. If the listhead is not initialized, we may obtain a poisoned pointer. This fix resolves the crash that occurr...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: vsp1: Replace vb2isstreaming with vb2startstreamingcalled. The vsp1 driver uses the vb2isstreaming function in its .bufqueue handler to check whether the .startstreaming operation has been called. It then decides whether t...