Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: sched: cake: Fixed an issue where a null pointer access occurred when cakeinit failed. When the default qdisc is cake, if the qdisc of devqueue fails to initialize during mqprioinit, cakereset is called to clear resources...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Bail out from dwc3gadgetexit if dwc-gadget is NULL. There exists a possible scenario in which dwc3gadgetinit may fail: during the switch between peripheral and host modes in dwc3setmode, and if a pending gadget...

Linux Distros Unpatched Vulnerability : CVE-2026-46162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ice: fix double free in icesfethactivate error path When auxiliarydeviceadd fails, icesfethactivate jumps to auxdevuninit and calls...

Linux Distros Unpatched Vulnerability : CVE-2026-46136

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7921: fix a potential clc buffer length underflow The buflen is used to limit the iterations for retrieving the country power setting and may...

PT-2026-44285

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A double free issue exists in the Linux kernel within the ice sf eth activate function. When auxiliary device add fails, the execution jumps to aux dev uninit and calls auxiliary device...

UBUNTU-CVE-2026-45947

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpuacpienumeratexcc In amdgpuacpienumeratexcc, if amdgpuacpidevinit returns -ENOMEM, the function returns directly without releasing the allocated xccinfo, resulting in a memory leak. Fix this by...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: avoid panic on init failure In the event of an error during initialization, inHWrestart will be set, but it will never be cleared. Instead, we will retry the initialization process again. We will act as if we...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: The admin tagset is released if the initialization fails. The nvmefabrics function creates a NVMe/FC controller in the following path: nvmfdevwrite → nvmfcreatectrl → nvmefccreatectrl → nvmefcinitctrl The nvmefcinitctrl...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021561)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021561 advisory. In the Linux kernel, the following vulnerability has been resolved: vme: Fix error not catched in fakeinit In fakeinit, rootdeviceregister is possible to fail but it...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021655)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021655 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: free inode when ocfs2getinitinode fails syzbot is reporting busy inodes after unmount, for...

SUSE-SU-2026:21793-1 Security update for alloy

This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server to crash a client application via a DataRow message bsc1259919. - CVE-2026-25934: github.com/go-git/go-git/v5:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/nouveau: Avoid a use-after-free when BO init fails nouveauboinit is backed by ttmboinit and passes its return value back to the caller. In case of failures, ttmboinit invokes the provided destructor, which should...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: sched: sfb: Fixed an issue where a null pointer access occurred when sfbinit failed. When the default qdisc is sfb, if the qdisc of devqueue fails to be initialized during mqprioinit, sfbreset is invoked to clear resource...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add a missing call to ssamrequestsyncfree Although rare, ssamrequestsyncinit can fail. In that case, the request should be freed using ssamrequestsyncfree. Currently, the request is instead leaked. F...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k: Fix for UAF in ath12kcoreinit When the execution of ath12kcoreHWGroupAssign or ath12kcoreHWGroupCreate fails, the registered notifier chain is not properly unregistered. Its memory is freed after rmmod, which may...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: fixed a memory leak in ocfs2stackglueinit The ocfs2tableheader should be freed in ocfs2stackglueinit if ocfs2sysfsinit fails; otherwise, kmemleak will report a memory leak. BUG: Memory leak Unreferenced object...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: x86/hyperv: Fixed a NULL dereferencing in sethvtscchangecb if the Hyper-V setup fails. Checked for a valid hvvpindex array before dereferencing hvvpindex when setting Hyper-V’s TSC change callback. If Hyper-V setup fails in...

CVE-2026-31754

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix state inconsistency on gadget init failure When cdns3gadgetstart fails, the DRD hardware is left in gadget mode while software state remains INACTIVE, creating hardware/software state inconsistency. When...

CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure Presently, if the force feedback initialisation fails when probing the Logitech G920 Driving Force Racing Wheel for Xbox One, an error number wi...

CVE-2026-31754 usb: cdns3: gadget: fix state inconsistency on gadget init failure

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix state inconsistency on gadget init failure When cdns3gadgetstart fails, the DRD hardware is left in gadget mode while software state remains INACTIVE, creating hardware/software state inconsistency. When...