EUVD-2026-38873

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop all SCM attributes for SOCKMAP. SOCKMAP can hide inflight fd from AFUNIX GC. When a socket in SOCKMAP receives skb with inflight fd, skpsockverdictdataready looks up the mapped socket and enqueue skb to its...

CVE-2026-53005

CVE-2026-53005 affects the Linux kernel af_unix SOCKMAP feature. The issue arises from improper handling of SCM attributes when data is passed to SOCKMAP, enabling a use-after-free and inflight-file-descriptor leaks due to inability of GC paths to inspect psock queues after skb redirection. Multi...

CVE-2026-53005 af_unix: Drop all SCM attributes for SOCKMAP.

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop all SCM attributes for SOCKMAP. SOCKMAP can hide inflight fd from AFUNIX GC. When a socket in SOCKMAP receives skb with inflight fd, skpsockverdictdataready looks up the mapped socket and enqueue skb to its...

Astra Linux – Vulnerability in Firefox and Thunderbird

Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: clone set element expression template The memcpy function breaks when using connlimit in set elements. Use nftexprclone to initialize the connlimit expression list; otherwise, the connlimit garbage collect...

Astra Linux – Vulnerability in Firefox

If array shift operations are not used, the Garbage Collector may become confused regarding valid objects. This vulnerability affects Firefox versions less than 101...

Astra Linux – Vulnerability in Firefox and Thunderbird

Certain types of allocations lacked annotations that, if the Garbage Collector was in a specific state, could have led to memory corruption and potentially exploitable crashes. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: ipset: Fixed issues related to region locking in hash types. Region locking introduced in v5.6-rc4 included three macros for handling region locks: - ahashbucketstart: Takes back the start and end hash bucket values...

JLSEC-2026-558

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

PT-2026-47116

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

Astra Linux - уязвимость в linux-5.10

Ubuntu Linux 6.8 GA retains the legacy AFUNIX garbage collector, but the upstream commit 8594d9b85c07 "afunix: Do not call skbget for OOB skb" addresses this issue. When orphaned MSGOOB sockets reach unixgc, the garbage collector still calls kfreeskb, assuming that OOB SKBs hold two references...

SUSE CVE-2026-31455

In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...

CVE-2026-31455

In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...

CVE-2026-31455

CVE-2026-31455 pertains to the Linux kernel, specific to the XFS unmount path. During unmount, in xfs_unmount_flush_inodes(), the AIL is pushed while background reclaim and inodegc may still be running, which can lead to inodes being dirtied or re-queued into the AIL. The provided fix reorders th...

PT-2026-34360

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the XFS file system where the unmount sequence in the xfs unmount flush inodes function pushes the Active Item List AIL while background reclaim and inode garbage...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012951)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012951 advisory. In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect Garbage collector does not take into accoun...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011383)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011383 advisory. In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect Garbage collector does not take into accoun...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007286)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007286 advisory. In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect Garbage collector does not take into accoun...

Astra Linux – Vulnerability in Firefox

Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

fickling modules linecache, difflib and gc are missing from the unsafe modules blocklist

Our analysis As stated in the project's security policy, we also don't consider UnusedVariables bypasses to be security issues. We added several unsafe modules mentioned by the reporter in advisory comments to the blocklist...