CVE-2026-43235

A flaw was found in the iris media driver within the Linux kernel. Missing platform data entries for the SM8750 component prevent the driver from allocating necessary internal buffers. This can lead to failures in basic video decoding and encoding operations, effectively causing a Denial of Servi...

CVE-2026-41417

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

EUVD-2026-27798

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add missing platform data entries for SM8750 Two platform-data fields for SM8750 were missed: - getvpubuffersize = irisvpu33bufsize Without this, the driver fails to allocate the required internal buffers, leading to...

CVE-2026-43235

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add missing platform data entries for SM8750 Two platform-data fields for SM8750 were missed: - getvpubuffersize = irisvpu33bufsize Without this, the driver fails to allocate the required internal buffers, leading to...

CVE-2026-43243

CVE-2026-43243 affects the Linux kernel drm/amd/display subsystem, specifically the dcn401 get_phyd32clk_src path, where missing signal type checks can cause a crash when accessing a DP link on DPIA. Connected OSV entries show Root and Debian/Ubuntu patches applied to rootio-linux (Ubuntu 22.04/2...

CVE-2026-43235

Summary: CVE-2026-43235 affects the Linux kernel iris media driver for SM8750. The vulnerability arises from two missing platform-data entries in the iris driver, which prevents proper internal buffer allocation and incomplete capability checks. What’s affected: Linux kernel/iris media driver (SM...

GLiNER Guard: Unified Encoder Family for Production LLM Safety and Privacy

Production LLM systems require both safety moderation and PII detection under strict latency and cost constraints. This creates a trade-off: autoregressive moderators are accurate but expensive, while lightweight encoders are faster but less capable. We present GLiNER Guard GLiGuard, a unified...

PT-2026-37583

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A crash occurs in the AMD Linux display driver when attempting to access the link enc on a dpia link. This issue is related to a missing signal type check in the get phyd32clk src functi...

CLSA-2026-1777976295 Fix CVE(s): CVE-2026-28690

SECURITY UPDATE: stack buffer overflow in MNG/JNG encoder — missing NULL check after ImageToBlob in WriteOneJNGImage could propagate a NULL blob pointer into later stack buffer operations GHSA-7h7q-j33q-hvpf. - debian/patches/CVE-2026-28690.patch: bail out of WriteOneJNGImage when ImageToBlob...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fixed the reference count leak in mesonencoderhdmiinit. The offinddevicebynode function takes a reference; we should use putdevice to release that reference when it is no longer needed. Add the missing putdevice functi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Obtaining inteldisplay from the encoder to avoid potential issues. Obtain inteldisplay from “encoder” instead of “state” within the encoder hooks. This avoids the problematic behavior caused by intelsanitizeencoder, whi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007loadencoder In go7007loadencoder, the variable bounce i.e., go-bootfw is allocated without subsequent deallocation. After the following call chain: saa7134go7007init | | - go7007bootencoder |...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Added a lock to protect the encoder context list. A lock was added for the ctxlist to prevent accessing a NULL pointer within the 'vpuencipihandler' function when the ctxlist is deleted due to an unexpect...

Astra Linux – Vulnerability in openjpeg2

A flaw was discovered in OpenJPEG’s encoder, specifically in the opjdwtcalcexplicitstepsizes function. This flaw allows an attacker who can provide crafted inputs for the decomposition levels to cause a buffer overflow. The greatest threat of this vulnerability is to system availability...

Astra Linux - уязвимость в netty

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...

Astra Linux - уязвимость в imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: comedi: multiq3: sanitize config options in multiq3attach Syzbot identified an issue 1 in multiq3attach, which can cause a task timeout due to open or COMEDIDEVCONFIG ioctl operations, specifically, in the case of the multiq3...

CLSA-2026-1777542477 Fix CVE(s): CVE-2026-28690

SECURITY UPDATE: stack buffer overflow in MNG/JNG encoder — missing NULL check after ImageToBlob in WriteOneJNGImage could propagate a NULL blob pointer into later stack buffer operations GHSA-7h7q-j33q-hvpf. - debian/patches/CVE-2026-28690.patch: bail out of WriteOneJNGImage when ImageToBlob...

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1611)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1611 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when Magick parses an XML file it is possible that a...

Important: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when Magick parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions...