ECHO-31D2-9DC5-9987

Bulletin has no description...

Linux Distros Unpatched Vulnerability : CVE-2026-42250

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bzip2 contains an offbyone error in the bzip2recover utility. When processing a specially crafted file, the application performs an outofbounds write to a globa...

CVE-2026-10156 Open5GS nf-instances Endpoint nnrf-handler.c handle_amf_info resource consumption

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handleamfinfo in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nfinfopool can lead to resource consumption. The attack may be performed from...

UBUNTU-CVE-2026-45960

In the Linux kernel, the following vulnerability has been resolved: hfsplus: return error when node already exists in hfsbnodecreate When hfsbnodecreate finds that a node is already hashed which should not happen in normal operation, it currently returns the existing node without incrementing its...

UBUNTU-CVE-2026-45934

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in btrfscreatependingblockgroups. The following is a sample stack trace of such an abo...

CVE-2026-45960 hfsplus: return error when node already exists in hfs_bnode_create

In the Linux kernel, the following vulnerability has been resolved: hfsplus: return error when node already exists in hfsbnodecreate When hfsbnodecreate finds that a node is already hashed which should not happen in normal operation, it currently returns the existing node without incrementing its...

CVE-2026-45960

In the Linux kernel hfsplus module, CVE-2026-45960 describes a scenario where hfs_bnode_create() returns an existing node if a node is already hashed, without incrementing its refcnt. This caused reference-count inconsistencies and could trigger a kernel panic during hfs_bnode_put(). The fix chan...

PT-2026-43801

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insert dev extents in btrfs create pending block groups. The following is a sample stack trace of such ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Thermal: Core – Fix for NULL pointer dereferencing in TZGETTRIP. Do not call gettriphyst from thermalgenlcmdtzgettrip if the thermal zone does not define such a function...

PT-2026-42027

Name of the Vulnerable Software and Affected Versions Kopia versions prior to 0.22.4 Description Kopia's HTTP server, when started with the --without-password flag, accepts unauthenticated requests to the '/api/v1/repo/exists' endpoint. The handler forwards a storage configuration provided by the...

MINI-V3X5-G4RF-GWW3

Bulletin has no description...

CVE-2026-42885 Audiobookshelf: Path prefix bypass in filesystem existence check leaks out-of-scope file existence

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

SUSE CVE-2026-43022

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...

SUSE CVE-2026-43118

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the logged inode item to ...

EUVD-2026-27645

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the logged inode item to ...

CVE-2026-43118

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the logged inode item to ...

CVE-2026-43118

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the logged inode item to ...

CVE-2026-43118

This CVE-2026-43118 concerns a Btrfs log replay data integrity issue in the Linux kernel where truncating a file to zero and then creating a hardlink, followed by a power failure and log replay, could leave the original size unchanged. Root cause: during inode logging, a 0 generation is written f...

PT-2026-37428

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the logged inode item to ...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: smb/server: Avoid deadlock when linking with “ReplaceIfExists”. If the smb2createlink function is called with “ReplaceIfExists” set, and the file name actually exists, a deadlock will occur. In this case, ksmbdvfskernpathlocked...