Astra Linux – Vulnerability in targetcli-fb

The Open-iSCSI TargetCLI-fb version up to 2.1.52 has weak permissions for the /etc/target directory as well as for the backup directory and backup files...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vesafb: Fixed a use-after-free due to early fbinfo cleanup. The commit b3c9a924aab6 “fbdev: vesafb: Cleanup fbinfo in .fbdestroy instead of .remove” fixed a use-after-free error where the vesafb driver freed the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Media: MediTech; vcodec: Fixed the H264 stateless decoder’s “smatch” warning. A “smatch static checker” warning has been fixed in vdech264reqif.c. This issue causes the kernel to crash when fb is NULL...

CVE-2026-0128

CVE-2026-0128 affects code in RtcpFbPacket::decodeRtcpFbPacket, where an integer overflow can trigger an out-of-bounds read. This could lead to remote information disclosure without extra privileges. Exploitation requires user interaction. The connected documents consistently describe the same is...

Malicious Package

Overview @fb-deposit/form-deposit-auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

PT-2026-44332

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An inconsistency exists in the calculation of sub-sampled plane dimensions within the drm gem fb init with funcs function. While the framebuffer check function uses DIV ROUND UP to round up...

CVE-2026-46065

CVE-2026-46065 affects the Linux kernel framebuffer (fbdev) defio mechanism. The issue arises from disconnecting deferred I/O from the lifetime of struct fb_info, by holding state in struct fb_deferred_io_state and freeing the instance only after the final mapping closes. If fb_info/defio are fre...

CVE-2026-46065 fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info

In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fbinfo Hold state of deferred I/O in struct fbdeferrediostate. Allocate an instance as part of initializing deferred I/O and remove it only after the final mapping...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fixed the DRM panic due to a null pointer when the driver does not support atomic operations. When the driver does not support atomic operations, fb uses plane-fb instead of plane-state-fb. Identified from commit...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013559)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013559 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: Fix several use-after-free bugs Several types of UAFs can occur when physically...

Siemens SIMATIC S7-1500 NULL Pointer Dereference(CVE-2025-38214)

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fbsetvar to prevent null-ptr-deref in fbvideomodetovar If fbaddvideomode in fbsetvar fails to allocate memory for fbvideomode, later it may lead to a null-ptr dereference in fbvideomodetovar, as the fbinfo is registere...

EUVD-2026-13990

The Simple Football Scoreboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ytmrfbscoreboard' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-23051

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane-fb rather than plane-state-fb. cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef...

CVE-2026-23051

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane-fb rather than plane-state-fb. cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef...

CVE-2026-23051

CVE-2026-23051 is a Linux kernel fix for drm/amdgpu where a null-pointer panic could occur when the driver does not support atomic. The mitigation changes fb handling to use plane->fb instead of plane->state->fb in non-atomic paths. This was addressed by cherry‑picking a commit (2f2a72de...

CVE-2026-23051 drm/amdgpu: fix drm panic null pointer when driver not support atomic

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane-fb rather than plane-state-fb. cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef...

UBUNTU-CVE-2026-23039

In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drmatomichelperdisableall is called which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a kernel oops on every displ...

CVE-2026-23039 drm/gud: fix NULL fb and crtc dereferences on USB disconnect

In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drmatomichelperdisableall is called which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a kernel oops on every displ...

CVE-2026-23039

In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drmatomichelperdisableall is called which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a kernel oops on every displ...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005105)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005105 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of dfv17channelnumber Check the fbchannelnumber range to avoid...