EUVD-2026-39884

In the Linux kernel, the following vulnerability has been resolved: drm/gma500/oaktraillvds: fix hang on init failure The LVDS init code looks up an I2C adapter using i2cgetadapter and tries to read the EDID before falling back to allocating and registering its own adapter. The error handling doe...

CVE-2026-53278

The CVE-2026-53278 issue in the Linux kernel affects the ARM MPAM component. A NULL dereference could occur in __destroy_component_cfg() if it is called from mpam_disable() before the configuration array had been allocated. The fix adds a guard to check whether the config array is allocated and r...

CVE-2026-53197

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix ABBA deadlock in iptfsdestroystate iptfsdestroystate calls hrtimercancel while holding a spinlock that the timer callback also acquires, leading to an ABBA deadlock on SMP systems. For the output timer iptfstimer...

EUVD-2026-38977

In the Linux kernel, the following vulnerability has been resolved: powerpc/pgtable-frag: Fix bad page state in ptefragdestroy powerpc uses ptfragrefcount as a reference counter for tracking it's pte and pmd page table fragments. For PTE table, in case of Hash with 64K pagesize, we have 16...

Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices

Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the ruling on June 15. It is the first time the Canadian Security Intelligence...

CVE-2026-49287 Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed error handling in kfdprocessdeviceinitvm It is necessary to only destroy the ibmem and let the process cleanup worker free the outstanding BOs. Reset the pointer in the pdd-qpd structure to avoid NULL pointer...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nvmet: A possible leak has been fixed when destroying a ctrl during qp establishment. In nvmetsqdestroy, we capture sq-ctrl early. If it is not NULL, we know that a ctrl was allocated during the admin connect request handling. We...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915: Fixed potential context UAFs. The gemcontextregister function makes the context visible to user space, and a separate thread can trigger the I915GEMCONTEXTDESTROY ioctl command. Therefore, we need to ensure that...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: ena: Fixed error handling in enainit The enainit function no longer destroys the workqueue created by createsinglethreadworkqueue when pciregisterdriver fails. Calling destroyworkqueue when pciregisterdriver fails prevents...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Clear the driver reference in usb-phy dev For the dual-role port, the phy device will be assigned to the usb-phy device, and the port device driver will be used as the dev driver for usb-phy. When we attempt to...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Net: tun: Unlinking the NAPI from the device upon destruction. Syzbot identified a race condition between the tun file and the device destruction process. NAPIs reside in the structtunfile structure, and this structure may be...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fixed a UAF in blkcgunpinonline. blkcgunpinonline traverses the blkcg hierarchy to set the object as online. To traverse this hierarchy, it uses blkcgparentblkcg, but this call occurs after blkcgDestroyBlksblkcg, whic...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: Synchronized bitmapgetstats with the lifetime of the bitmap. After the commit with the code ec6bb299c7c3 “md/md-bitmap: add ‘syncsize’ into struct mdbitmapstats, a panic is reported: Oops: General Protection Fault,...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: Destroy queues before realnumtxqueues is zeroed xennetDestroyQueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 “net-sysfs: Update the queue counts in the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed the destruction of kthread workers in polling mode. The cleanup order in polling mode irq worklist and WARNON!listempty&worker-delayedworklist. The original code called kthreadDestroyWorker before...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Firmware: armscmi: Balances the device reference count when destroying devices. Using devicefindchild to find the appropriate SCMI device to destroy causes an imbalance in the device reference count. This occurs because...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/hns: Fixed double destruction of rsvqp RSVQP may be double destroyed during error flow, first in freemrinit, and then in hnsroceexit. This issue was fixed by moving the freemrinit call into hnsrocev2init. List corruption:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cfg80211: fixed a race condition in the netlink owner interface destruction process. My previous fix to address this issue created a deadlock situation, and there was a race condition where the exact same deadlock could occur...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fixed the null-ptr-deref issue in ibcorecleanup. KASAN reported a null-ptr-deref error: KASAN: Null pointer dereferencing in the range 0x0000000000000118–0x000000000000011f. CPU: 1; PID: 379. Hardware name: QEMU Standa...