3515 matches found
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
@evomap/evolver's validator sandbox allowlist permits `npm`/`npx`, yielding RCE from Hub-delivered validation tasks via lifecycle scripts
Summary: The validator-mode sandbox executor (`src/gep/validator/sandboxExecutor.js`) places `npm` and `npx` in its hard executable allowlist. Because `npm install` and `npx -y -p` execute arbitrary code by design (preinstall/install/postinstall lifecycle scripts and remote-package bin entries), and because...
SUSE CVE-2026-31725
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Fix net_device lifecycle with device_move. The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, t...
Google Chrome Buffer Error Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability, which was caused by a V8 object lifecycle issue. This vulnerability could allow remote attackers to execute out-of-bound memory reads through special...
HackerSignal: A Large-Scale Multi-Source Dataset Linking Hacker Community Discourse to the CVE Vulnerability Lifecycle
We introduce HackerSignal, a benchmark for temporal out-of-distribution cyber threat intelligence (CTI) and cross-source CVE linkage. HackerSignal aggregates 7.45 million exact-deduplicated documents from 64 public forum/source identifiers spanning eight source layers and a 36-year window 1990-2026...
Astra Linux – Vulnerability in Firefox, Thunderbird
During the worker lifecycle, a use-after-free condition could occur, which may lead to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...
Astra Linux – Vulnerability in Chromium
In ANGLE of Google Chrome, before version 96.0.4664.110, there was an issue with the object lifecycle mechanism that allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: vhost_vdpa: The irq_bypass_unregister_producer function must correctly assign the token. Previously, we used irq_bypass_unregister_producer in vhost_vdpa_setup_vq_irq, which was problematic because we had no way of knowing whether the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: Do not break the lifecycle of vm_dev. vm_dev has a separate lifecycle because it has a struct device embedded within it. Therefore, having a release callback for it is correct. However, allocating the vm_dev structure...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gve: Defer the enabling of interrupts until NAPI registration. Currently, interrupts are automatically enabled immediately upon request. This allows interrupts to occur before the associated NAPI context is fully initialized,...
Linux Distros Unpatched Vulnerability : CVE-2026-31723
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: f_subset: Fix net_device lifecycle with device_move. The net_device is allocated during function instance creation and registered during the bind phase...
Linux Distros Unpatched Vulnerability : CVE-2026-31722
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: f_rndis: Fix net_device lifecycle with device_move. The net_device is allocated during function instance creation and registered during the bind phase...
CVE-2026-31722
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Fix net_device lifecycle with device_move. The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds,...
CVE-2026-31725
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Fix net_device lifecycle with device_move. The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, t...
CVE-2026-31727 usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo. Commit ec35c1969650 "usb: gadget: f_ncm: Fix net_device lifecycle with device_move" reparents the gadget device to /sys/devices/virtual during unbind, clearing the gadget...
CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Fix net_device lifecycle with device_move. The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, t...
EUVD-2026-26538
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Fix net_device lifecycle with device_move. The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, t...
CVE-2026-31725
CVE-2026-31725 affects the Linux kernel’s USB gadget f_ecm functionality. The vulnerability arises during function unbinds when the net_device is created and registered under the gadget device, but is not de-parented correctly, leaving dangling sysfs links under /sys/class/net and /sys/devices/pl...