493 matches found
CVE-2026-46133
The CVE-2026-46133 issue affects Linux kernel’s Soft RoCE (RDMA/rxe) where an unauthenticated UDP packet with an unknown opcode could trigger an out-of-bounds read during ICRC/CRC processing due to missing validation of opcodes before length arithmetic. The advisory describes that entries in the ...
Exploit for Untrusted Pointer Dereference in Microsoft
CVE-2026-40369: Defensive Analysis of the 12-Byte Windows Kern...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint: Fix handling of the configfs group list head Calling list_del on the epf_group field of struct pci_epf_driver in pci_epf_remove_cfs is incorrect. This field is a list head, not a list entry. This list_del call triggers a...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: - dm raid: fixed the KASAN warning in raid5_add_disks. There is a KASAN warning in raid5_add_disk when running the LVM testsuite. This warning occurs in the test lvconvert-raid-reshape-linear_to_raid6-single-type.sh. We fixed this...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Allocate sufficient space for GMU registers In commit 142639a52a01 “drm/msm/a6xx: fix crashstate capture for A650”, we changed a6xx_get_gmu_registers to read 3 sets of registers. Unfortunately, we did not change the...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fixed invalid address access in lookup_rec when the index is 0. KASAN reported the following issue: BUG: KASAN: use-after-free in lookup_rec A read of size 8 at address ffff000199270ff0 was performed by the task modprobe...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Avoid invalid reads in irdma_net_event. The function irdma_net_event should not dereference anything from “neigh” alias “ptr” until it has checked that the event is of type NETEVENT_NEIGH_UPDATE. Other events have structure...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: x86/alternatives: Disabling KASAN during apply_alternatives Fei reported that KASAN is triggered during apply_alternatives on systems with 5-level paging. Bug: KASAN: Out-of-bounds access in rcu_is_watching Size 4 is read at address...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Use VM_MAP instead of VM_ALLOC for the ringbuf area. After the commit 2fd3fb0be1d1 “KASAN, vmalloc: Unpoison VM_ALLOC pages after mapping”, non-VM_ALLOC mappings will be marked as accessible in __get_vm_area_node when KASAN is enable...
Exploit for CVE-2026-40369
CVE-2026-40369: Arbitrary Kernel Address Increment via NtQuery...
CVE-2026-43449
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set dev->online_queues is a count incremented in nvme_init_queue. Thus, valid indices are 0 through dev->online_queues − 1. This patch fixes the loop condition to ensure the index stays with...
CVE-2026-43197
CVE-2026-43197 concerns a Linux kernel netconsole vulnerability where messages from the console subsystem could be read out-of-bounds due to missing null-termination. The root cause is a netconsole write path that could access memory beyond the allocated buffer, observable as a slab-out-of-bounds...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed potential improper dereferencing of pointers in bpf_sys_bpf The bpf_sys_bpf helper function allows an eBPF program to load another eBPF program from within the kernel. In this case, the argument union bpf_attr pointer along...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: cifs: prevent use-after-free by freeing the cfile later In smb2_compound_op we have a possible use-after-free which can cause hard to debug problems later on. This was revealed during stress testing with KASAN enabled kernel. Fixin...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: zloop: fixed the KASAN use-after-free of tagset When a zloop device is removed, the KASAN-enabled kernel reports “BUG KASAN use-after-free” in the blk_mq_free_tag_set function. This bug occurs because zloop_ctl_remove calls put_disk,...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: usb: mtu3: fix list_head check warning This issue is caused by the uninitialization of list_head. Bug: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4. Call trace: dump_backtrace+0x0/0x298 show_stack+0x24/0x34...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: lpass: Fix for KASAN use-after-free out of bounds. When we run syzkaller, we encounter an Out of Bounds error. The specific error message is: “KASAN: slab-out-of-bounds Read in regcache_flat_read”. The issue can be traced as...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscache_withdraw_volume We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: slab-use-after-free in...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in __do_krealloc This patch addresses an issue introduced by commit 1a83a716ec233 "mm: krealloc: consider spare memory for __GFP_ZERO" which causes MTE (Memory Tagging Extension) to falsely report a...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy "BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68" Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is longer than 15 bytes, string terminated NULL...