EUVD-2026-38826

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmapdecode When decoding osdstate and osdweight from an incoming osdmap in osdmapdecode, both are decoded for each osd, i.e., map-maxosd times. The cephdecodeneed check only accoun...

CVE-2026-56116

A flaw was found in dhcpcd. An unauthenticated attacker on the same network link can exploit a memory leak vulnerability in the IPv6 Router Advertisement route information handling. By repeatedly sending specially crafted Router Advertisements with a zero lifetime, the attacker can cause the syst...

CVE-2026-54323 Daytona: Git credential leak via git clone with TLS verification disabled

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...

CVE-2026-56117

dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...

EUVD-2026-38496

dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send...

CVE-2026-56116 dhcpcd Memory Leak DoS via IPv6 Router Advertisement Handling

dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send...

EUVD-2026-38491

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state

A flaw was found in the Linux kernel's libceph OSD client. When a connection fault occurs during a sparse read, the sparse-read state is not properly reset. This allows a misbehaving or compromised Ceph OSD server, or a network adversary, to disrupt traffic. As a result, the client can misinterpr...

CVE-2026-48715

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, printff copies up to 2032 bytes from attacker-controlled...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Remove WARNON from functionfsbind This commit addresses an issue related to a kernel panic that occurs when paniconwarn is enabled. The issue is caused by the unnecessary use of WARNON in functionfsbind, which c...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The issue related to “slab-use-after-free” in smb3preauthhashrsp has been fixed. The function ksmbdusersessionput should be called under smb3preauthhashrsp. This will prevent freeing a session before calling...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the reference count leak in nfsdsetfhdentry. nfsd exports a “pseudo root filesystem” which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 uses th...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A potential out-of-bounds error has been fixed when the buffer offset is invalid. I identified a potential out-of-bounds situation when the buffer offset fields of several requests are invalid. This patch sets the minimum...

Astra Linux – Vulnerability in liblivemedia

Live555 version 1.08 does not handle Matroska and Ogg files properly. Sending two consecutive RTSP SETUP commands for the same track causes a Use-After-Free error and results in a crash of the daemon...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Audit: Improved robustness of audit queue handling If the audit daemon becomes stuck in a stopped state, the kauditdthread function in the kernel might get blocked while attempting to send audit records to the audit daemon in the...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The UAF issue in ksmbdtcpnewconnection has been fixed. The race that occurs is between the process of handling a new TCP connection and its disconnection. This causes a UAF error in the struct tcptransport structure within...

Astra Linux – Vulnerability in NTP

In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when adding a decimal point. An adversary may be able to attack a client’s ntpq process, but they cannot attack the ntpd process...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm: slub: Avoid waking up kswapd in settrackprepare settrackprepare may cause lock recursion. The issue arises because it is called from hrtimerstartrangens, which holds percpuhrtimerbasesn.lock. However, when...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfsd: fixed the management of listener transports Currently, when no active threads are running, a root user using the nfsdctl command can attempt to remove a particular listener from the list of previously added listeners. By...

Canonical MicroCeph: path traversal issue in the remote-import AP

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...