JLSEC-2026-415 libcurl skips the certificate verification for a QUIC connection under certain conditions, when...

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems...

Linux Distros Unpatched Vulnerability : CVE-2026-43056

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mana: fix use-after-free in addadev error path If auxiliarydeviceadd fails, addadev jumps to addfail and calls auxiliarydeviceuninitadev. The auxiliary...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: i2c: tc358743: Fixed a crash that occurred in the probe error path when using polling. If an error occurs in the probe function, we should remove the polling timer that was alarmed earlier. Otherwise, the timer is calle...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fixed the reference count leak in mesonencoderhdmiinit. The offinddevicebynode function takes a reference; we should use putdevice to release that reference when it is no longer needed. Add the missing putdevice functi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: A memory leak in the smb3fscontextParseParam error path has been fixed. Proper cleanup of ctx-source and fc-source was added to the cifsParseMountErr error handler. This ensures that the memory allocated for the source...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Drivers: Soc: Xilinx: Add the missing kfree function in xlnxaddcbforsuspend. If we fail to allocate memory for cbdata using kmalloc, the memory allocation for evedata never gets freed. Therefore, add the missing kfree function in...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Fix use-after-free on error path In the error path of sevtsminitlocked, the code dereferes t after it has been freed with kfree. The prerr statement attempts to access t-tioen and t-tioinitdone after the memory has...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Do not pass actlen in the usbbulkmsg error path. syzbot reported that actlen in kalmiasendinitpacket is uninitialized when it is passed to the first usbbulkmsg error path. Jiri Pirko noted that it’s pointless to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/erdma: Fixed a reference count leak in erdmammap. The function rdmausermmapentryget takes a reference; we should release that reference when it is no longer needed. Add the missing rdmausermmapEntryPut function in the err...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fixed a reference count leak in stubprobe The usbgetdev function is called in stubdevicealloc. When stubprobe fails, usbputdev must be called to release the reference. This issue was fixed by moving usbputdev into the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: Marvell: Prestera: Fixed an issue where double-free operations occurred on the error path. Fixed error path handling in presterabridgeportjoin, which could cause the Prestera driver to crash see below. Trace: - Internal...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: musb: dsps: Fix the probe error path The commit 7c75bde329d7 “usb: musb: musbdsps: requestirq after initializing musb” has corrected the calls to dspssetupoptionalvbusirq and dspscreatemusbpdev, but it did not update the err...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fixed a memory leak in vmwmksstataddioctl If the copy of the description string from user space fails, then the page containing the instance descriptor does not get freed before returning -EFAULT, resulting in a memor...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Do not free the IRQ if it was not requested. Since the msmdrmuninit function is called from the msmdrminit error path, additional care is necessary to avoid calling freeirq for the IRQ that was not requested. This issue...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fixed the memory leak related to ‘conf-biosplit’. In the error path of raid10run, ‘conf’ needs to be freed. However, ‘conf-biosplit’ is not freed, resulting in a memory leak. Since there are three places where ‘conf’...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double-free caused by devm The clock obtained through devmclkgetenabled is automatically managed by devres. It will be disabled and freed when the driver is detached. Manual calls to clkdisableunprepare in th...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In md/raid10, there is a issue where memory leaks occur in the MD thread. In raid10run, if setupconf succeeds and raid10run fails before setting ‘mddev-thread’, then the variable ‘conf-thread’ is not freed after the failure. This...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: xiicxfer: Fixed a runtime PM leak on the error path. The xiicxfer function acquires a runtime PM reference when it is entered. This reference is released when the function is exited. Currently, there is one error path...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: a potential memory leak has been fixed in mlx5einitreprx. The memory pointed to by the priv-rxres pointer is not freed during the error-prone execution of mlx5einitreprx, which can lead to a memory leak. This issue has...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - net: genl: fixed a memory leak in the error path during policy dumping. - If the construction of the policy array fails when recording non-first policies, we need to unwind the process. - The netlinkpolicydumpaddpolicy...