Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: tpm: Changed to kvalloc in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: 10.693310 T1 tpmtis STM0925:00: 2.0 TPM device-id 0x3, rev-id 0 10.848132 T1 ------------ Cut here ------------ 10.853559 T1...

Astra Linux - уязвимость в libstb

stbvorbis is a single-file MIT licensed library for processing OGG Vorbis files. A maliciously crafted file may trigger an out-of-bounds write vulnerability in the line f-vendorlen = char'\0';. The root cause of this issue is that if len read from startdecoder is -1, then len + 1 becomes 0 when...

Astra Linux - уязвимость в netcdf

A issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxmlparse functions improperly handle XML entities, resulting in an infinite loop where memory allocation occurs...

JLSEC-2026-317

HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FLarrmalloc in H5FL.c called from H5Ssetextentsimple in H5S.c...

GHSA-JJ7C-X25R-R8R3 Brillig: Heap corruption in foreign call results with nested tuple arrays

Description Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in BrilligBlock::compileblock. When the compiler encounters an Instruction::Call with a Value::ForeignFunction target, it invokes...

CVE-2026-20049

A vulnerability in the processing of Galois/Counter Mode GCM-encrypted Internet Key Exchange version 2 IKEv2 IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker to cause...

UBUNTU-CVE-2026-23222

In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAPCRYPTOFORCECOPY scatterlists correctly The existing allocation of scatterlists in omapcryptocopysglists was allocating an array of scatterlist pointers, not scatterlist objects, resulting in a 4x too...

Azure Linux 3.0 Security Update: kernel (CVE-2024-57997)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57997 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: wcn36xx: fix channel survey memory...

CVE-2025-71139

In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area Bug description When I tested kexec with the latest kernel, I ran into the following warning: 40.712410 ------------ cut here ------------ 40.712576 WARNING: CPU: 2 PID:...

MiracleLinux 4 : glibc-2.12-1.47.AXS4.5 (AXSA:2012-123:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-123:02 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as t...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993021)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993021 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/hisi: Drop second sensor hi3660 The commit 74c8e6bffbe1 driver core: Add allocsiz...

CVE-2023-54169 net/mlx5e: fix memory leak in mlx5e_ptp_open

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5eptpopen When kvzallocnode or kvzalloc failed in mlx5eptpopen, the memory pointed by "c" or "cparams" is not freed, which can lead to a memory leak. Fix by freeing the array in the error path...

EUVD-2025-203739

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list "struct sdcacontrol" declares "values" field as integer array. But the memory allocated to it is of char array. This causes crash for sdcaparsefunction API. This patch...

CVE-2025-68281

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list "struct sdcacontrol" declares "values" field as integer array. But the memory allocated to it is of char array. This causes crash for sdcaparsefunction API. This patch...

CVE-2025-68281

The CVE-2025-68281 entry concerns the Linux kernel ASoC SDCA component. The root cause is a mismatch in the sdca_control structure where the values field is declared as an integer array but memory was allocated as a char array, causing a crash in the sdca_parse_function API. A patch was applied t...

Ubuntu: Security Advisory (USN-7871-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-434151)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-434151 advisory. In the Linux kernel, the following vulnerability has been resolved: dosysnametohandle: use kzalloc to fix kernel-infoleak syzbot identified a kernel information leak...

Linux Distros Unpatched Vulnerability : CVE-2025-39869

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dmaengine: ti: edma: Fix memory allocation size for queueprioritymap Fix a critical memory allocation bug in edmasetupfromhw where queueprioritymap was allocate...

CVE-2025-39869 dmaengine: ti: edma: Fix memory allocation size for queue_priority_map

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queueprioritymap Fix a critical memory allocation bug in edmasetupfromhw where queueprioritymap was allocated with insufficient memory. The code declared queueprioritymap as s8 ...

Linux Distros Unpatched Vulnerability : CVE-2025-39836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - efi: stmm: Fix incorrect buffer allocation method The communication buffer allocated by setupmmhdr is later on passed to teeshmregisterkernelbuf. The latter...