EUVD-2026-39223

In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...

EUVD-2026-39210

In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into global hash under idev-lock syzbot reported a splat 1: a slab-use-after-free in ipv6chkacastaddr, which walks the global inet6acaddrlst hash under RCU and dereferences a struct ifacaddr6 that has...

CVE-2026-53243

The CVE-2026-53243 entry describes a Linux kernel issue in rseq_exit_user_update() where an uninitialized stack variable is used during initialization of ids in the rseq_ids struct. The bug arises because the inline initialization of struct rseq_ids ids can evaluate cpu_to_node(ids.cpu_id) before...

CVE-2026-53135

CVE-2026-53135: Linux kernel drm/amd/display SDP debugfs vulnerability fixed. The function dp_sdp_message_debugfs_write() dereferenced connector->base.state->crtc without NULL checks, which could occur when a connector is connected but not bound to a CRTC (e.g., after hot-plug). This caused...

CVE-2026-57589

sys/kern/sysvsem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in syssemget...

Linux Distros Unpatched Vulnerability : CVE-2026-53041

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block- based xattrs, listxattr can return a size larger than the...

Linux Distros Unpatched Vulnerability : CVE-2026-52954

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: handle rbtree insertion error in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. The received...

EUVD-2026-38821

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix oops due to out of scope access Below oops triggers when kill QEMU process: Oops: general protection fault, probably for non-canonical address 0x7fffffff844eaaa7: 0000 1 SMP NOPTI Call Trace: dorawspinlock+0xaa/0x...

CVE-2026-53078

The CVE-2026-53078 issue is a Linux kernel BPF sock_ops vulnerability. When a BPF sock_ops program accesses ctx fields with the same destination and source registers (dst_reg == src_reg), SOCK_OPS_GET_SK() and SOCK_OPS_GET_FIELD() failed to zero the destination register in the !fullsock/!locked_t...

kernel: RDMA/iwcm: Fix workqueue list corruption by removing work_list

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA Internet Wide Area RDMA Protocol iWARP subsystem. Incorrect work submission logic in the iwcm component can lead to multiple queueing of work items. This allows a work item to be processed and freed while still present in the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: virtio/vsock: Fixed an uninit-value issue in virtiotransportrecvpkt KMSAN reported the following uninit-value access issues: ===================================================== BUG: KMSAN: uninit-value in...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: The IOWQBITEXIT check is performed within the work run loop. Currently, this check is performed before running the pending work. Normally, this is completely fine, as the work items either end up blocking other tas...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nilfs2: Handling of inconsistent states in nilfsbtnodecreateblock. Syzbot reported that an inconsistency in the buffer state was detected in nilfsbtnodecreateblock, which triggered a kernel bug. It is not appropriate to consider...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed the issue where a new block group that becomes unused after creation could lead to a use-after-free condition. If a task creates a new block group and that block group becomes unused before its creation is completed,...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Allow ext4getgroupinfo to fail. Previously, ext4getgroupinfo would treat an invalid group number as a BUG, since this should theoretically never happen. However, if a malicious attacker modifies the superblock via the block...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Nilfs2: Fixed a kernel bug caused by failing to clear the buffer delay flag. Syzbot reported that after Nilfs2 reads a corrupted file system image and becomes read-only, the BUGON check for the buffer delay flag in submitbhwbc ma...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: msm: Certain pins are marked as invalid for interrupts. On some platforms, the UFS-reset pin has no interrupt logic in TLMM, but it is still registered as a GPIO in the kernel. This allows the user-space to trigger...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: Make sure to wait for page writeback in memoryfailure. Our syzkaller triggers "BUGON!listempty&inode-iwblist" in clearinode: - Kernel bug at fs/inode.c:519! - Internal error: Oops – Bug: 0 1 SMP - Modules linke...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ice: Fixed a null pointer dereference in icecopyandinitpkg. Added a check on the return value of devmkmemdup to prevent potential null pointer dereferences...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Validates the index root when initializing NTFS security. This improves the sanity check for $SDH and $SII during the initialization of NTFS security, ensuring that these index roots are legitimate. 162.459513 BUG:...