Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: dm raid: fixed the KASAN warning in raid5adddisks. There is a KASAN warning in raid5adddisk when running the LVM testsuite. The warning occurs during the test lvconvert-raid-reshape-lineartoraid6-single-type.sh. We fixed this...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: md: raid1: fixed a potential out-of-bounds error in raid1removedisk. If rddev-raiddisk is greater than mddev-raiddisks, an out-of-bounds error will occur in raid1removedisk. We have already encountered similar reports, as...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ocfs2: The ltreedepth field was validated to prevent out-of-bounds access. The ltreedepth field is 16-bit le16, but the actual maximum depth is limited to OCFS2MAXPATHDEPTH. A check was added to prevent out-of-bounds access if th...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - dm raid: fixed the address sanitizer warning in raidresume. There is a KASAN warning in raidresume when running the lvm test lvconvert-raid.sh. The reason for the warning is that mddev-raiddisks is greater than rs-raiddisks,...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dm raid: fixed access issues beyond the end of the raid member array. When the dm-raid table is loaded using raidctr, dm-raid allocates an array rs-devsrs-raiddisks for the raid device members. rs-raiddisks is determined by the...

EUVD-2026-36118

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...

SUSE CVE-2026-46045

In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not insync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only checks for raiddisk...

CVE-2026-45953

A flaw was found in the Linux kernel's RAID5 module. When a low-level bitmap llbitmap bit state is unwritten in a degraded array, a missing check during write operations can cause the system to enter an infinite loop. This can lead to an I/O hang, effectively resulting in a Denial of Service DoS...

CVE-2026-46045

In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not insync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only checks for raiddisk...

UBUNTU-CVE-2026-46045

In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not insync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only checks for raiddisk...

CVE-2026-46045

Technical details for CVE-2026-46045 are not provided in the connected documents. Affected products/versions and patch information are not specified. Monitor vendor advisories and CVE sources for updates.

PT-2026-43912

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the md/md-llbitmap component where the system fails to check the In sync flag when reading bitmap pages from member disks. The code iterates through all rdevs and read...

PT-2026-41389

Name of the Vulnerable Software and Affected Versions Sharp versions prior to 9.22.0 Description Sharp exposes a generic download endpoint 'GET /sharp/globalFilter/download/entityKey/instanceId?' that authorizes access based on a supplied entity instance but reads the target storage disk and path...

EUVD-2026-24975

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

CVE-2026-35344 uutils coreutils dd Silent Data Corruption via Unconditional Truncation Error Suppression

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

CVE-2026-35344 uutils coreutils dd Silent Data Corruption via Unconditional Truncation Error Suppression

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

CVE-2026-35344

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

[SECURITY] Fedora 44 Update: plasma-disks-6.6.4-1.fc44

Plasma Disks monitors S.M.A.R.T. data of disks and alerts the user when signs of imminent failure appear...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raiddisks via sysfs CVE-2025-71225 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent...

SUSE CVE-2025-71225

In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raiddisks via sysfs In raid1reshape, freezearray is called before modifying the r1bio memory pool conf-r1biopool and conf-raiddisks, and unfreezearray is called after the update is completed...