4105 matches found
Astra Linux – Vulnerability in Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Registering sysfs groups through the driver core. The driver core can already register and clean up sysfs groups. Make use of this functionality to simplify error handling and cleanup processes. Additionally, a UAF...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fixed an issue where an “off-by-one” root connection error occurred. Before attaching a new root to the old root, the number of children in the new root was checked to ensure that only the top-level groups of the...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Tab Groups component of Google Chrome prior to version 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in tab groups in Google Chrome prior to version 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 91.0.4472.77, a use-after-free in TabGroups in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
In Google Chrome on Linux and ChromeOS before version 92.0.4515.107, an attacker who convinced a user to install a malicious extension could perform an out-of-bounds memory write by using a crafted HTML page. This vulnerability allowed the attacker to execute such an operation...
Astra Linux – Vulnerability in Chromium
Before version 92.0.4515.131, an out-of-bounds write in Tab Groups in Google Chrome allowed an attacker who convinced a user to install a malicious extension to perform an out-of-bounds memory write via a crafted HTML page...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: blk-iolatency: Fixed imbalances in the number of in-flight IO operations and issues with hanging during offline conditions. iolatency needs to track the number of in-flight IO operations per cgroup. Since this tracking can be...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fixed a double-free in arfs_create_groups. When the kvzalloc allocation fails, arfs_create_groups will free ft->g and return an error. However, arfs_create_table, the only function calling arfs_create_groups, will hold...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: qgroup: Fixed a leak in the qgroup prealloc resource reservation during subvolume operations. The creation of subvolumes, snapshots, and deletion of subvolumes all utilize btrfs_subvolume_reserve_metadata to reserve metada...
Astra Linux – Vulnerability in Zabbix
An authenticated user with API access (e.g., a user with the default User role) can be added to any group (e.g., Zabbix Administrators). Specifically, a user with access to the user.update API endpoint can be added to any group, except for groups that are disabled or have restricted GUI access...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a race condition related to block group refcounts in btrfs_create_pending_block_groups. The creation of block groups occurs in two phases, resulting in a somewhat unintuitive behavior: A block group can be...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: af_netlink: Fixed an out-of-bounds shift in the group mask calculation. When a netlink message is received, netlink_recvmsg fills in the address of the sender. One of the fields is the 32-bit bitfield nl_groups, which carries the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvdimm: The memory pointed to by nd_pmu->pmu.attr_groups is allocated in the function register_nvdimm_pmu, and it is lost after the kfree(nd_pmu) call in the function unregister_nvdimm_pmu...
Astra Linux – Vulnerability in Containerd
Containerd is an open-source container runtime. A bug was discovered in Containerd prior to versions 1.6.18 and 1.5.18, where supplementary groups were not set up properly within a container. If an attacker has direct access to a container and manipulates the supplementary group permissions, they...
SUSE CVE-2026-31707
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipc_validate_msg. ipc_validate_msg computes the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon response to a fixed struct size in...
EUVD-2026-26516
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipc_validate_msg. ipc_validate_msg computes the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon response to a fixed struct size in...
sudo: Sudo: Privilege escalation due to failure in privilege drop calls
A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...
SUSE-SU-2026:1653-1 Security update for protobuf
This update for protobuf fixes the following issues: Refresh fixes: - CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages can lead to crash due to RecursionError (bsc#1244663). - CVE-2026-0994: max_recursion_depth limit can be bypass...
JLSEC-2026-271 Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key...
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...