Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ceph: fixed NULL pointer dereference in cephmdsauthmatch The CephFS kernel client has a regression starting from 6.18-rc1. We have a issue with cephmdsauthmatch if fsname is NULL: c const char fsname =...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tcpbpf: The function tcpbpfsendverdict fails to allocate psock-cork when called, and skmsgfree must be called instead. The issue was reported by syzbot as follows: 0 The reproduction of the issue involves the following steps: 1...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/lima: fixed a memory leak in limaheapalloc. When limavmmapbo fails, the resources need to be deallocated; otherwise, there will be memory leaks...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose-height boundary issue Syzkaller identified a bug: BUG: Unable to handle page faults for address: ffffc9000a3b1000 PF: Supervisor write access in kernel mode PF: Errorcode0x0002 – Not-present page PGD...

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfsetpipapo: Fix for the initial map filling issue. The initial buffer must be initialized to “all-ones”, but this must be limited to the size of the first field, not the total field size. After each round of the map...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix OOB devmap writes when deleting elements Jordy reported an issue with XSKMAP, which also affects DEVMAP. Due to XSKMAP being a signed integer, OOB writes occur. The fix is simple—change the type from int to u32. However,...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: Benchmark: Properly handling NUMANONODE. The cpumaskofnode function can be called within domapbenchmark when dealing with the NUMANONODE configuration. This results in the following issue reported by the sanitizer...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: The TOCTOU issue in skisreadable has been fixed. sk-skprot-sockisreadable is a valid function pointer when sk resides in a sockmap. After the last skpsockput call which usually occurs when a socket is removed from the sockma...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: BPF: Allow deletion from sockmap/sockhash only if updating is allowed. We have received a surge in reports from syzkaller instances where a BPF program attached to a tracepoint triggered a locking rule violation by performing a...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCATAPRIOATTRPRIOMAP If an TCATAPRIOATTRPRIOMAP attribute is provided, the taprioparsemqprioopt function must validate it. Otherwise, arbitrary data can be injected into the kernel when the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dm: Fix NULL pointer dereference in dmsuspend There is a race condition between the suspension of the dm device and the loading of data into the table, which can lead to a NULL pointer dereference. This issue occurs when the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed idx validation in i40evalidatequeuemap. Ensured that the idx value is within the range of active/initialized TC’s when iterating over vf-chidx in i40evalidatequeuemap...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queueprioritymap A critical memory allocation bug was fixed in the edmasetupfromhw function, where queueprioritymap was allocated with insufficient memory. The code declared...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpcputargs The failure of copytouser would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could lead to a map leak. This issue is fixed by...

Astra Linux – Vulnerability in grub2

An integer overflow flaw was discovered in the BFS file system driver within grub2. When reading a file using an indirect extent map, grub2 fails to validate the number of extent entries to be read. A maliciously crafted or corrupted BFS file system may cause an integer overflow during file...

CVE-2026-4061

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...

Double-free and use-after-free in `Keys::next()`

Keys::next uses ptr::read to move out the Option by value, which drops the contained V when V is non-Copy e.g. String. This leaves a dangling value in the map's storage slot. Subsequent get operations on that key return a dangling reference to already-freed memory. This can be triggered through...

RUSTSEC-2026-0128 Double-free and use-after-free in `Keys::next()`

Keys::next uses ptr::read to move out the Option by value, which drops the contained V when V is non-Copy e.g. String. This leaves a dangling value in the map's storage slot. Subsequent get operations on that key return a dangling reference to already-freed memory. This can be triggered through...

EUVD-2026-26779

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...

CVE-2026-4061

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...