UBUNTU-CVE-2026-43437

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

CVE-2026-43437 ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain()

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

CVE-2026-43437

CVE-2026-43437 affects the Linux kernel ALSA PCM subsystem (snd_pcm_drain). The issue is a use-after-free in the drain path: during drain, runtime is reassigned to a linked stream’s runtime and after releasing the stream lock, runtime fields (no_period_wakeup, rate, buffer_size) are accessed with...

CVE-2026-43437

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

OT Cybersecurity Challenges for ICS in 2026

OT Cybersecurity Challenges for ICS in 2026 OT cybersecurity has become a board-level risk because industrial control systems are no longer isolated, predictable, or invisible to attackers. In 2026, security teams protecting manufacturing plants, utilities, transportation systems, energy...

Linux Distros Unpatched Vulnerability : CVE-2026-43437

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime...

PT-2026-39098

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ALSA pcm component within the snd pcm drain function. In the drain loop, the runtime variable is reassigned to a linked stream's runtime. After the...

CVE-2026-23926

creationtimestamp| type| source ---|---|--- 2026-05-06 09:54:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml6gnh5gim2i 2026-05-06 14:30:15+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3ml6w2c6y7n2q 2026-05-08 04:00:39+00:00| seen|...

Malicious code in carbonite-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fec002c13bf1ef1b49658e5dc490ca30515cf414294154827adadab04cbc234 The package carbonite-internal was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3334 Malicious code in fanduel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2d9b4e8ab1ef054d5774929963bc61b004f7914e48179850c51f77e67410a41 The package fanduel was found to contain malicious code. Source: ossf-package-analysis 49d980743cd761f6fb629d32e14864e720d1269e4208ec9e0f075c5e9f6eb4...

Thousands of Facebook accounts stolen by phishing emails sent through Google

Researchers have uncovered a long-running phishing operation that abuses trusted Google services to hijack tens of thousands of Facebook accounts. The compromised Facebook accounts are mainly business and advertiser profiles, which criminals can monetize after gaining access and control. The...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup The linked list elements and pointers are not stored in the same memory as the HDMA controller register. If the doorbell register is toggled...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas-hwptlist twice. The hwpt is only added to the hwptlist during its creation; it is never added again. This issue seems to be leftover from previous revisions. Adding an hwpt twice may...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cfg80211: Calling cfg80211stopap when switching from P2PGO type If the user-space tools switch from NL80211IFTYPEP2PGO to NL80211IFTYPEADHOC via sendmsgNL80211CMDSETINTERFACE, it does not call the cleanup function cfg80211stopap...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: wifi: mt76: fix linked list corruption Never leave scheduled wcid entries on the temporary on-stack list...

45,000 Attacks, 5,300+ Backdoors Tied to China-Linked Cybercrime Operation

SOCRadar researchers have uncovered a massive Chinese cybercrime operation using the OpenClaw and Paperclip systems to automate global attacks...

MAL-2026-3306 Malicious code in bpmn-studio (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74f940a81cf83fdce38d48caa8f864ae59438b6854a16c28b78c618441be28d9 The package bpmn-studio was found to contain malicious code. Source: ghsa-malware c4094042484c2fe0da68df30936b7782a5624bfd8c82d3ed8759a3ce66440a61 An...

MAL-2026-3196 Malicious code in react-dnd-14 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa1ee45bae09f53b3ad9f05448438098f0561c4b694a22360be9d4fa4e86b3d The package react-dnd-14 was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-42523

creationtimestamp| type| source ---|---|--- 2026-04-29 14:26:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mknclb2n7s2k 2026-04-30 04:30:32+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mkorqf3ol323 2026-04-30 04:30:43+00:00| seen|...

JLSEC-2026-283

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library...