Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on the CPU node. In the parseperfdomain function, if the call to ofparsephandlewithargs returns an error, then the reference to the CPU device node acquired at the beginning of the function wi...

PT-2026-44328

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the staging media atomisp component where private IOCTLs Input/Output Control are not sufficiently safe. To address this, private IOCTLs are disallowed by returning fr...

EUVD-2025-209969

In the Linux kernel, the following vulnerability has been resolved: drm/display/dpmst: Add protection against 0 vcpi When releasing a timeslot there is a slight chance we may end up with the wrong payload mask due to overflow if the delayeddestroywork ends up coming into play after a DP 2.1 monit...

PT-2026-43818

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the BPF subsystem involving BTF objects. The problem stems from incorrect refcounting within the check pseudo btf id function, which can lead to the chec...

PT-2026-43925

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A race condition exists in the amphion VPU driver within the Linux kernel. This occurs when v4l2 m2m ctx release frees the m2m ctx context while v4l2 m2m try run is attempting to call devic...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: drm/sti: The return type of stidvo,hda,hdmiconnectormodevalid has been corrected. With Clang’s Kernel Control Flow Integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer...

UBUNTU-CVE-2026-43362

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...

CVE-2026-43289

In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexecloadpurgatory derives image-start by locating eentry inside an SHFEXECINSTR section. If the purgatory object contains multiple executable sections with overlapping shaddr, the...

PT-2026-39133

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the handling of unshare fs within the unshare2 system call. When CLONE NEWNS is present in the flags and current-fs has not been shared, copy mnt ns receives current-f...

kernel: sctp: avoid NULL dereference when chunk data buffer is missing

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...

EUVD-2026-27740

In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: remove TX queue manipulation in kawethsetrxmode kawethsetrxmode, the ndosetrxmode callback, calls netifstopqueue and netifwakequeue. These are TX queue flow control functions unrelated to RX multicast...

EUVD-2026-27592

In the Linux kernel, the following vulnerability has been resolved: xfrm: Wait for RCU readers during policy netns exit xfrmpolicyfini frees the policybydst hash tables after flushing the policy work items and deleting all policies, but it does not wait for concurrent RCU readers to leave their...

CVE-2026-43256

CVE-2026-43256 is a Linux kernel vulnerability in the media subsystem (Qualcomm CAMSS VM) where the vfe_isr_reg_update() function may perform an out-of-bounds access. The code loops with MSM_VFE_IMAGE_MASTERS_NUM(7) but accesses vfe->line[] defined as struct vfe_line lineVFE_LINE_NUM_MAX . Whe...

CVE-2026-43256 media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrregupdate vfeisr iterates using MSMVFEIMAGEMASTERSNUM7 as the loop bound and passes the index to vfeisrregupdate. However, vfe-line array is defined with VFELINENUMMAX4:...

CVE-2026-43168

CVE-2026-43168 concerns the Linux kernel OCFS2 reflink preserve cleanup issue. Multiple connected sources confirm a bug in the cleanup of preserved xattr entries: the last pointer should be shifted by one unit after an array entry cleanup, and the first entry may not be cleaned when xh_count is 1...

PT-2026-37622

In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix potential NULL pointer dereference in ionic query port The function ionic query port calls ib device get netdev without checking the return value which could lead to NULL pointer dereference, Fix it by checking th...

kernel: nvme: avoid double free special payload

In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. Clear the RQFSPECIALLOAD when the request is cleaned...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Open-coded GGTT MMIO access protection. GGTT MMIO access is currently protected by hotplug drmdeventer, which works correctly when the driver loads successfully and is later unbound or unloaded. However, if the driver loa...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A shift-out-of-bounds condition has been fixed due to an overly large exponent of the block size. If the slogblocksize field in the superblock data is corrupted and too large, initnilfs and loadnilfs may still trigger a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/smc: Fixed a possible leak of the pernet namespace in smcinit. In smcinit, registerpernetsubsys&smcnetstatops is called without any error handling. If this call fails, the registration of &smcnetops will not be reversed. And ...