Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: gso: Fixed a panic that occurred when using a fraglist with mixed head allocation types. Since the commit 3dcbdb134f32 “net: gso: Fixed an error in skbsegment when splitting a gsosize mangled skb having linear-headed...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nbd: The function genlunregisterfamily is called first in nbdcleanup. Otherwise, there may be a race between the removal of the module and the handling of the netlink command, which can lead to an oops as shown below: BUG: Kernel...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: The issue of generating a order = MAXORDER warning due to an intentionally crafted negative isize has been fixed. As reported by syzbot 1, the root cause is that the isize field is a signed type, and a negative isize value...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: Missing check for virtio Two missing checks in virtionethdrtoskb allowed syzbot to crash kernels again. 1. After the skbsegment function, the buffer may become non-linear nrfrags != 0. However, since the SKBTXSHAREDFRAG...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: sctp: Linearize cloned GSO packets in sctprcv. The cloned headskb still shares these frag SKBs in the fraglist with the original headskb. Accessing these frag SKBs is not safe. syzbot reported two bugs related to the use of...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: handle large GSO sizes After the committed changes below, TCP sockets and MPTCP subflows can generate egress packets that are larger than 64K. This exceeds the maximum DSS data size; the packet length is misrepresented ove...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: added more sanity checks to qdiscpktleninit. One of the approaches handles SKBGSODODGY, assuming that skb-len is greater than hdrlen. The function virtionethdrtoskb does not fully dissect TCP headers; it only ensures that th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Avoid using prinfo with a spin lock in cblistinitgeneric. prinfo is called with the rtp-cbsgbllock spin lock locked. Since prinfo calls printk, which may cause a sleep, this will result in a bug like the following:...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nfc: fixed a segfault in nfcgenldumpdevicesdone When kmalloc in nfcgenldumpdevices fails, nfcgenldumpdevicesdone causes a segfault as follows: KASAN: null-ptr-deref in range 0x0000000000000008-0x000000000000000f CPU: 0 PID: 25...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb3: Fixed temporary data corruption in the collapse range. The “collapse range” does not discard the affected cached regions; therefore, there is a risk of temporarily corrupting the file data. This fix corresponds to xfstest...

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

PT-2026-49925

Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Generic Unix Connector. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

CVE-2026-47250

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

CVE-2026-47250

CVE-2026-47250 concerns mcp-server-kubernetes, where the kubectl_generic tool exposes a flag-injection vulnerability due to passing user-supplied flags directly to kubectl without an allowlist. This can enable a privilege-escalation path in Kubernetes environments: an attacker with limited access...

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

SUSE CVE-2026-46323

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...