Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bonding: A potential infinite loop has been prevented in the bondheaderparse function. The bondheaderparse function may enter an infinite loop if a stack of two bonding devices is set up. This occurs because skb-dev always points...

Astra Linux - уязвимость в libcommons-compress-java

There is a vulnerability related to the “Unreachable Exit Condition” „Infinite Loop“ in Apache Commons Compress. This issue affects Apache Commons Compress versions from 1.3 to 1.25.0. Users are recommended to upgrade to version 1.26.0, which fixes this issue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions. The clcsock callback functions will be saved and replaced during the fallback process. However, if the fallback occurs more than once, the copies of these...

Astra Linux - уязвимость в python3.11

There is a HIGH-severity vulnerability affecting the CPython “zipfile” module, specifically the “zipfile.Path” class. It should be noted that the more commonly used API “zipfile.ZipFile” class is not affected. When iterating over the names of entries in a zip archive for example, methods like...

Astra Linux - уязвимость в exiv2

In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file may lead to an infinite loop and system hangs, accompanied by high CPU consumption. Remote attackers could exploit this vulnerability to cause a denial of service by using a specially crafted file...

Astra Linux - уязвимость в mongo-c-driver

When calling bsonutf8validate on certain inputs, it is possible for an infinite loop to occur, with no way to exit. This issue affects All MongoDB C Driver versions prior to version 1.25.0...

Astra Linux - уязвимость в firefox

The frame iterator could get stuck in a loop when encountering certain Wasm frames, leading to incorrect stack traces. This vulnerability affects Firefox 128 and Thunderbird 128...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: dm crypt: added condresched to dmcryptwrite The loop in dmcryptwrite may run for an unlimited amount of time; therefore, condresched is needed. This commit fixes the following warning: 3391.153255 C12 watchdog: BUG: soft lockup –...

Astra Linux - уязвимость в pygments

An infinite loop in the SMLLexer of Pygments versions 1.5 to 2.7.3 may lead to a denial of service when performing syntax highlighting of a Standard ML SML source file. This issue is observed when the input only contains the “exception” keyword...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Tracing: A overflow issue in getfreeelt has been fixed. The variable tracingmap-nextelt is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracingmap, even when the maximum number of element...

Astra Linux - уязвимость в udisks2

A flaw was discovered in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is accomplished through the loop device handler, which processes requests sent through the D-BUS interface. As part of this handler’s functionality, it receives a lis...

SUSE CVE-2026-31703

In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inodeswitchwbsworkfn inodeswitchwbsworkfn has a loop like: wbgetnewwb; while 1 list = llistdelall&newwb-switchwbsctxs; / Nothing to do? / if !list break; ... process the items ... Now adding of...

PT-2026-36667

CVE-2026-30412 SentinelCloud, AI-Driven Autonomous DevOps Engineer One closed loop. Five agents. Seven scenarios. Zero hallucinated kubectl. Live demo https://t.co/ocEWNzLf9Z...

JLSEC-2026-382

libexpat before 2.7.5 allows an infinite loop while parsing DTD content...

CVE-2026-43054

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Drain commands in targetreset handler tcmlooptargetreset violates the SCSI EH contract: it returns SUCCESS without draining any in-flight commands. The SCSI EH documentation scsieh.rst requires that when a...

CVE-2026-43034

In the Linux kernel, the following vulnerability has been resolved: bnxten: set backing store type from query type bnxthwrmfuncbackingstoreqcapsv2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctxarr and...

CVE-2026-31778

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix stack out-of-bounds read in initcard The loop creates a whitespace-stripped copy of the card shortname where len id is used for the bounds check. Since sizeofcard-id is 16 and the local id buffer is also 16 bytes...

CVE-2026-43054

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Drain commands in targetreset handler tcmlooptargetreset violates the SCSI EH contract: it returns SUCCESS without draining any in-flight commands. The SCSI EH documentation scsieh.rst requires that when a...

CVE-2026-43054 scsi: target: tcm_loop: Drain commands in target_reset handler

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Drain commands in targetreset handler tcmlooptargetreset violates the SCSI EH contract: it returns SUCCESS without draining any in-flight commands. The SCSI EH documentation scsieh.rst requires that when a...

EUVD-2026-26653

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Drain commands in targetreset handler tcmlooptargetreset violates the SCSI EH contract: it returns SUCCESS without draining any in-flight commands. The SCSI EH documentation scsieh.rst requires that when a...