Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fixed the issue with rcudereferenceprotected. When destroying all sets, we are either in the pernetexit phase or executing a “destroy all sets” command from user space. The latter was taken into account in...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: MIPS: vpe-mt: fixed a possible memory leak when the module exits. After committing 1fa5ae857bb1 “driver core: removed the struct device’s busid string array”, the name of the device is allocated dynamically. This allocation needs...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fixed an off-by-one root misconnection issue. Before attaching a new root to the old root, the children counter of the new root was checked to ensure that only the top-level groups of the upcoming CPU were...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: aoss: The issue of a reference count leak in qmpcoolingdevicesregister has been fixed. In every iteration of the foreachavailablechildofnode loop, the reference count of the previous node is decremented. When exiting t...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fixed the issue where the refcount of the subsystem for the @blockclass class was leaking. The blkcgfillrootiostats function iterates over the devices belonging to @blockclass using classdeviterinit|next, but does not...

Astra Linux - уязвимость в tinyxml

In the TiXmlDeclaration::Parse method in tinyxmlparser.cpp within TinyXML, up to version 2.6.2, there is a potentially exploitable assertion which can lead to application exit. This issue occurs when a malicious XML document is used, where a null character \0 is placed after a whitespace...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fixed invalid PNP driver unregistration The Comedi low-level driver “c6xdigio” appears to be for a parallel port-connected device. When the Comedi core calls the driver’s “attach” handler c6xdigioattach to...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Fixed a race condition between handleposixcputimers and posixcputimerdel. If a non-autoreaping task that exits has already called exitnotify and calls handleposixcputimers from the IRQ, it may be reaped by its...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle the deactivation of DBCs when the owner leaves. When a DBC is released, the device sends a QAICTRANSDEACTIVATEFROMDEV transaction to the host via the QAICCONTROL MHI channel. QAIC handles this by calling...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: cpufreq: The exit callback is optional. The exit callback is optional, and it should not be called without first checking a valid pointer. Additionally, we must clear the freqtable pointer even if the exit callback is not present...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fixed the lockup issue in dmexceptiontableexit. A lockup was reported when exiting a snapshot with many exceptions. This issue has been fixed by adding “condresched” to the loop that frees the exceptions...

Astra Linux - уязвимость в linux-6.1, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fixed a potential deadlock condition. The deadlock can occur due to a recursive lock acquisition of crostypecaltmodedata::mutex. The call chain is as follows: 1. crostypecaltmodework acquires the mutex. 2...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: kthread: Consolidated the exit paths of kthreads to prevent use-after-free situations. Guillaume reported crashes during KUnit testing due to corrupted RCU callback function pointers. The crash was traced back to the pidfs...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Binder: A memory leak was fixed in binderinit. In binderinit, the destruction of binderallocshrinkerinit is not performed in the correct path, which can lead to memory leaks. Therefore, this commit introduces...

Astra Linux - уязвимость в liblivemedia

In liveMedia/FramedSource.cpp within Live555, up to version 1.08, an assertion failure can occur, leading to an application exit through multiple SETUP and PLAY commands...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: perf: Fixed the issue with sample generation versus doexit. Baisheng Gao reported a crash in ARM64 mode. Mark interpreted this as a synchronous external abort—most likely due to attempting to access MMIO in a faulty way. The...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: The IOWQBITEXIT check is performed within the work run loop. Currently, this check is performed before executing the pending tasks. Normally, this works fine, as the tasks either block temporarily and then a new...

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

EUVD-2026-29719

Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability...

PT-2026-41800

Name of the Vulnerable Software and Affected Versions iskorotkov/avro versions prior to 2.33.0 github.com/hamba/avro/v2 versions prior to 2.32.0 Description Remote, unauthenticated denial-of-service occurs due to CPU exhaustion in the Avro array and map decoders. The issue arises because the...