CVE-2026-53087

A flaw was found in the Linux kernel's bcmgenet network driver. When the transmit tx queue is reclaimed, the driver incorrectly drops data frames without returning them to the pool of free buffer descriptors bds. This oversight results in a resource leak, which can lead to resource exhaustion and...

CVE-2026-40209 Denial of service via IXFR queries

An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or...

Linux Distros Unpatched Vulnerability : CVE-2026-53005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - afunix: Drop all SCM attributes for SOCKMAP. SOCKMAP can hide inflight fd from AFUNIX GC. When a socket in SOCKMAP receives skb with inflight fd,...

CVE-2026-52814

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...

EUVD-2026-38832

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

CVE-2026-53005

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop all SCM attributes for SOCKMAP. SOCKMAP can hide inflight fd from AFUNIX GC. When a socket in SOCKMAP receives skb with inflight fd, skpsockverdictdataready looks up the mapped socket and enqueue skb to its...

CVE-2026-53005 af_unix: Drop all SCM attributes for SOCKMAP.

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop all SCM attributes for SOCKMAP. SOCKMAP can hide inflight fd from AFUNIX GC. When a socket in SOCKMAP receives skb with inflight fd, skpsockverdictdataready looks up the mapped socket and enqueue skb to its...

CVE-2026-53005

CVE-2026-53005 affects the Linux kernel af_unix SOCKMAP feature. The issue arises from improper handling of SCM attributes when data is passed to SOCKMAP, enabling a use-after-free and inflight-file-descriptor leaks due to inability of GC paths to inspect psock queues after skb redirection. Multi...

CVE-2026-52915

CVE-2026-52915 concerns the Linux kernel netfilter ip6t_hbh module, where ip6t_opts may store at most IP6T_OPTS_OPTSNR (16) option descriptors but hbh_mt6_check() did not reject larger optsnr values from userspace. This allowed a potential out-of-bounds condition (UBSAN: array-index-out-of-bounds...

CVE-2026-54271

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

CVE-2026-54271

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

CVE-2026-54271 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

CVE-2026-54271

The CVE-2026-54271 entry concerns protobufjs-cli (pbjs) static code generation, where insecure handling of pre-parsed JSON descriptors could lead to attacker-controlled JavaScript in generated output. Concrete details across connected sources show that protobufjs-cli versions prior to the fixed r...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa – Fix for the asyncdisable descriptor leak The paths for disabling asyncdisable in functions like iaacompress and decompress do not free the idxd descriptors when asyncdisable is set. Currently, this issue only occurs...

Astra Linux – Vulnerability in Qemu

An infinite loop flaw was discovered in the e1000 NIC emulator of QEMU. This issue occurs when processing transmit tx descriptors in processtxdesc, especially if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fmidi: fix MIDI Streaming descriptor lengths While the MIDI jacks are correctly configured, and the MIDIStreaming endpoint descriptors contain the correct information, the values of bNumEmbMIDIJack and bLength are se...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Verify that the size of orphan files is not too large. In principle, orphan files can be arbitrarily large. However, orphan replay operations need to traverse those files, and all their buffers are stored in memory...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: USB: Fixed various issues related to devices connected via 10Gbps cables. The function usbassigndescriptors is called with 5 parameters. The last 4 of these parameters represent USB descriptor headers for the following speeds: -...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fsverity: Rejects FSIOCENABLEVERITY when mode 3 is used for file descriptors. Commit 56124d6c87fd “fsverity: Supports enabling with tree block size fmode & FMODEREAD condition in kernelread became reachable through fuzz tests. Th...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Firmware: armscmi: Fixed a double-free operation in the OPTEE transport. Channels can be shared between protocols; avoiding the need to free the same descriptor twice when unloading the stack...