PT-2026-44350

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctp sendmsg to asoc in SCTP SENDALL The SCTP SENDALL path in sctp sendmsg iterates ep-asocs with list for each entry safe, which caches the next entry in @tmp before the loop body runs. The bod...

CVE-2026-45937

CVE-2026-45937 concerns the Linux kernel in the crypto: inside-secure/eip93 driver, where during driver detach the same hash algorithm could be unregistered multiple times due to a faulty iterator, leading to a kernel panic. The vulnerability is addressed by a kernel fix described as “fix kernel ...

kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al

In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proclseek as ones for procreaditer et.al Check pde-procops-proclseek directly may cause UAF in rmmod scenario. It's a gap in procregopen after commit 654b33ada4ab"proc: fix UAF in...

PT-2026-43804

In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - fix kernel panic in driver detach During driver detach, the same hash algorithm is unregistered multiple times due to a wrong iterator...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an iterator error during driver separation in the crypto/inside-secure/eip93 module. This error...

CVE-2026-43494

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails When iovitergetpages2 fails in rdsmessagezcopyfromuser, the pinned pages are released with putpage, and rm-data.opmmpznotifier is cleared. But we fail to properly clear...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: bpfiterscxdsqnew should always initialize the iterator. BPF programs may call next and destroy on BPF iterators even after new returns an error value e.g., the bpfforeach macro ignores error returns from new...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: bcache: Fixed the abuse of variable-length arrays in btreeiter. btreeiter is used in two ways: either allocated on the stack with a fixed size MAXBSETS, or from a mempool with a dynamic size based on the specific cache set...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed a warning in copyfromiter. Syzkaller reported a warning in copyfromiter because an ioviter was supposedly used in the wrong direction. The reason is that Syzkaller managed to generate a request with a transfer...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fixed the issue with the ib block iterator counter overflow. When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry into smaller, aligned D...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fixed the issue of dereferencing a stale list iterator after the loop body. The list iterator variable will become a bogus pointer if no break is executed. Dereferencing it in this case, cur-page could result in an...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netlink: Fixed an issue where the kernel could be exposed after free operation in skbdatagramiter. The syzbot reported the following issue with uninitialized value access 1: netlinktofullskb creates a new skb and sets skb-data...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the warning from kernelwriteiter 2110.972290 ------------ Cut here ------------ 2110.972301 WARNING: CPU: 3 PID: 735 at fs/readwrite.c:599 kernelwriteiter+0x21b/0x280 This patch does not allow writing to directories...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fixed the issue where the refcount of the subsystem for the @blockclass class was leaking. The blkcgfillrootiostats function iterates over the devices belonging to @blockclass using classdeviterinit|next, but does not...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use safe list iterator to avoid a use after free This loop is freeing the variable “clk”, so it needs to use listforeachentrysafe. Otherwise, it will dereference a freed variable to get the next item on the loop...

Astra Linux - уязвимость в rustc

In the standard library of Rust before version 1.52.0, a double-free error can occur in the Vec::fromiter function if the process of freeing the element causes a panic...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Regulator: Core: Preventing integer underflow By using a ratio of delay to pollEnabledTime that is not an integer, timeRemaining underflows may occur, causing the loop not to exit as expected. Since delay can be derived from DT,...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021558)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021558 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting t...

CLSA-2026-1779212665 php: Fix of 14 CVEs

CVE-2018-5711: fix infinite loop in gdImageCreateFromGifCtx - CVE-2018-5712: remove file name from phar stub error output XSS - CVE-2018-10545: do not set PRSETDUMPABLE in php-fpm workers by default - CVE-2018-10546: fail iconvmimedecode on invalid multibyte sequences - CVE-2018-10547: escape...

kernel: bpf: fix ktls panic with sockmap

In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap 2172.936997 ------------ cut here ------------ 2172.936999 kernel BUG at lib/ioviter.c:629! ...... 2172.944996 PKRU: 55555554 2172.945155 Call Trace: 2172.945299 2172.945428 ? die+0x36/0x90...