140 matches found
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: rnbd-srv: Zero the rsp buffer before using it. Before using the data buffer to send back the response message, completely zero it. This prevents any stray bytes from being picked up by the client side when messages are exchanged...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstructing the file type when loading from disk syzbot reports that the SIFMT bits of the inode-imode field can become invalid when: 1. The 32-bit “mode” field loaded from disk is corrupted; 2. The 32-bit “attributes”...
Linux Distros Unpatched Vulnerability : CVE-2026-8924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in curl's cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an...
CVE-2026-47329
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses...
PT-2026-44482
Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Ubuntu Linux version 6.17 Ubuntu Linux version 7.0 Description AppArmor SAUCE patches contain a flaw that can lead to an incorrect computation of an internal buffer size. This results in a heap memory out-of-bounds...
PT-2026-44478
Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Ubuntu Linux version 6.17 Ubuntu Linux version 7.0 Description SAUCE patches fail to validate invalid sizes of the name field in AppAmor notification responses. This issue can be triggered by an unprivileged local user...
Stable Channel Update for Desktop
The Stable channel has been updated to 148.0.7778.216/217 for Windows and 148.0.7778.215/216 Mac and 148.0.7778.215 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and...
Astra Linux – Vulnerability in Linux
The fix for XSA-365 includes the initialization of pointers so that subsequent cleanup code would not use uninitialized or stale values. However, this initialization went too far and may, under certain conditions, also overwrite pointers that need to be cleaned up. The lack of cleanup would resul...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between freeswapandcache and swapoff There was previously a theoretical scenario where swapoff could execute and tear down the swapinfostruct while a call to freeswapandcache was running in another thread. This...
Astra Linux – Vulnerability in Linux, Linux 5.10
The function emsusbstartxmit in the file drivers/net/can/usb/emsusb.c within the Linux kernel, up to version 5.17.1, contains a double-free...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: The offset and length are sanitized before calling skbchecksum. If the access to the sum of the offset and length exceeds the skbuff length, then skbchecksum triggers a BUGON. skbchecksum internally subtrac...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: scsitransportsas: Fixed error handling in sasPhyadd. If transportadddevice fails in sasPhyadd, the kernel may crash when trying to delete the device via transportRemoveDevice, which is called from sasRemoveHost. The kernel...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: dccp: Fixed a race condition involving the dp-dccpsmsscache variable. The dccpsendmsg function reads the dp-dccpsmsscache before locking the socket. The same issue occurs in dodccpgetsockopt. Added annotations for...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A use-after-free vulnerability was discovered in iscsiswtcpsessioncreate in drivers/scsi/iscsitcp.c within the SCSI sub-component of the Linux kernel. This flaw allows an attacker to access internal kernel information...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not ASSERT if the newly created subvolume has already been read. BUG There is a syzbot crash, triggered by the ASSERT during subvolume creation: Assertion failed: !anondev, in fs/btrfs/disk-io.c:1319 ----------- kernel...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: modpost: fixed an issue where the comparison in isexecutablesection was off by one. The comparison should be set to = to prevent out-of-bounds array access...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: The issue lies in ofparsephandlewithargsmap. In this function, the inner loop that iterates through the map entries calls ofnodeputnew to free the reference acquired during the previous iteration of the inner loop. This assumes...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: IB/hfi1: Fixed a possible panic during hotplug remove. During hotplug remove, it is possible that the update counters’ operations might still be pending, and they may run after memory has been freed. Cancel the update counters...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: removed one synchronizenet call from ipv6mcdown. As discussed in previous discussions commit 2d3916f31891 “ipv6: fix skb drops in igmp6eventquery and igmp6eventreport”, the synchronizenet call in ipv6mcdown is not...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access The commit 4d0c8d0aef63 “mmc: core: Use mrq.sbc in close-ended ffu” assigns previdata = idatasi - 1, but does not check that the iterator i is greater than zero. We will fix this ...