Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: A sanity check was added for the block address in the f2fsdozerorange function. As reported by Yanming in Bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215894 I have encountered a bug in the F2FS file system in the...

CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nfs/blocklayout: Do not attempt unregistration for invalid block devices Since the commit d869da91cccb “nfs/blocklayout: Fix premature PR key unregistration”, unmounting a pNFS SCSI-layout-enabled NFS may cause a NULL blockdevice...

Linux Distros Unpatched Vulnerability : CVE-2026-31617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: fncm: validate minimum blocklen in ncmunwrapntb The blocklen read from the host- supplied NTB header is checked against ntbmax but has no lower...

CVE-2026-34377 Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

PT-2025-43695

Name of the Vulnerable Software and Affected Versions Bitcoin Core affected versions not specified Description The software contains an issue that requires the victim to run it on an old 32-bit system and to have configured a large, non-standard mempool. An attacker must then craft an invalid 1 G...

EUVD-2023-57209

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-13099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service out-of- bounds memory access and BUG can occur for a modified...

Division by zero

Overview Affected versions of this package are vulnerable to Division by zero when handling an invalid unknown.blockcount type in a Modelfile. An attacker can cause the application to crash by importing a malicious GGUF. Remediation Upgrade github.com/ollama/ollama/fs/ggml to version 0.6.3-rc1 or...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed a possible NULL dereference in amdgpurasqueryerrorstatushelper. Returned an invalid error code -EINVAL for invalid block IDs. The following issues have also been fixed: drivers/gpu/drm/amd/amdgpu/amdgpuras.c:118...

GHSA-R3R4-G7HQ-PQ4F CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts

Name: ASA-2025-002: Malicious peer can stall network by disseminating seemingly valid block parts Component: CometBFT Criticality: High Catastrophic Impact; Possible Likelihood per ACMv1.2 Affected versions: = v0.38.16, v1.0.0 Affected users: Validators, Full nodes, Users Description A bug was...

CVE-2024-53167 nfs/blocklayout: Don't attempt unregister for invalid block device

In the Linux kernel, the following vulnerability has been resolved: nfs/blocklayout: Don't attempt unregister for invalid block device Since commit d869da91cccb "nfs/blocklayout: Fix premature PR key unregistration" an unmount of a pNFS SCSI layout-enabled NFS may dereference a NULL blockdevice i...

CVE-2024-53167

In the Linux kernel, the following vulnerability has been resolved: nfs/blocklayout: Don't attempt unregister for invalid block device Since commit d869da91cccb "nfs/blocklayout: Fix premature PR key unregistration" an unmount of a pNFS SCSI layout-enabled NFS may dereference a NULL blockdevice i...

Always-Incorrect Control Flow Implementation

btcd is vulnerable to Always-Incorrect Control Flow Implementation. The vulnerability is due to a consensus failure caused by the incorrect re-implementation of Bitcoin Core's "FindAndDelete" functionality. This flaw can result in btcd clients accepting an invalid Bitcoin block or rejecting a val...

CVE-2024-38365

CVE-2024-38365 affects btcd (versions 0.10 to 0.24). The issue is a mismatch in Bitcoin Core’s FindAndDelete() versus btcd’s removeOpcodeByData() that can cause btcd to validate blocks differently, risking a chain split (accepting an invalid block) or DoS (rejecting a valid block). The root cause...

SUSE CVE-2023-52585

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpurasqueryerrorstatushelper Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpuras.c:1183 amdgpurasqueryerrorstatushelper...

DEBIAN-CVE-2023-52585

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpurasqueryerrorstatushelper Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpuras.c:1183 amdgpurasqueryerrorstatushelper...

AZL-58611 CVE-2023-52585 affecting package kernel for versions less than 6.6.79.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpurasqueryerrorstatushelper Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpuras.c:1183 amdgpurasqueryerrorstatushelper...

AZL-58623 CVE-2023-52585 affecting package kernel for versions less than 5.15.176.3-3

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpurasqueryerrorstatushelper Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpuras.c:1183 amdgpurasqueryerrorstatushelper...

UBUNTU-CVE-2023-52585

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpurasqueryerrorstatushelper Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpuras.c:1183 amdgpurasqueryerrorstatushelper...