EulerOS 2.0 SP13 : libarchive (EulerOS-SA-2026-2294)

According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing...

Poppler 输入验证错误漏洞

Poppler is an open-source PDF rendering library developed by Poppler. Poppler has a vulnerability related to input validation errors. This vulnerability stems from an integer overflow in the tilingPatternFill function within the Splash backend. As a result of this overflow, insufficient heap memo...

CVE-2026-46010

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix error handling in rxgkextracttoken Fix a missing bit of error handling in rxgkextracttoken: in the event that rxgkdecryptskb returns -ENOMEM, it should just return that rather than continuing on for anything else, it...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021580)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021580 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUGON on ENOMEM from btrfslookupextentinfo in walkdownproc We handle errors here...

PT-2026-39066

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libceph component where the ceph monmap decode function uses signed int variables for blob len and num mon. Because these variables are intended to hold non-negati...

CVE-2026-43202 fbdev: vt8500lcdfb: fix missing dma_free_coherent()

In the Linux kernel, the following vulnerability has been resolved: fbdev: vt8500lcdfb: fix missing dmafreecoherent fbi-fb.screenbuffer is allocated with dmaalloccoherent but is not freed if the error path is reached...

CVE-2026-43192

The provided sources describe CVE-2026-43192 as a Linux kernel issue in the device-mapper multipath (dm mpath) subsystem. A missing cleanup (dm_put_device) when failing to retrieve the SCSI handler name during path parsing (scsi_dh_attached_handler_name) could leak references to the path device. ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed DMA mapping leaks During the reallocation of RX buffers, new DMA mappings are created for those buffers. Reproduction steps: While doing the following: Do For i=0; i=8160; i=i+32 Do ethtool -G enp130s0f0 rx $i tx $...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix resource leaks in vdecmsgqueueinit If any error occurs in vdecmsgqueueinit, we need to set msgqueue-wdmaaddr.size = 0;. Normally, this is done inside the vdecmsgqueuedeinit function. However, if the...

Astra Linux – Vulnerability in grub2

Integer underflow in grubnetrecvip4packets; A malicious IP packet can cause an integer underflow in the grubnetrecvip4packets function, affecting the rsm-totallen value. Under certain circumstances, the totallen value may wrap around to a small integer number, which will be used in memory...

CVE-2026-31552

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom Since upstream commit e75665dd0968 "wifi: wlcore: ensure skb headroom before skbpush", wl1271txallocate and with it wl1271preparetxframe returns...

CVE-2026-4426

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

EUVD-2026-12854

In the Linux kernel, the following vulnerability has been resolved: xfs: check return value of xchkscrubcreatesubord Fix this function to return NULL instead of a mangled ENOMEM, then fix the callers to actually check for a null pointer and return ENOMEM. Most of the corrections here are for code...

CVE-2026-23250 xfs: check return value of xchk_scrub_create_subord

In the Linux kernel, the following vulnerability has been resolved: xfs: check return value of xchkscrubcreatesubord Fix this function to return NULL instead of a mangled ENOMEM, then fix the callers to actually check for a null pointer and return ENOMEM. Most of the corrections here are for code...

PT-2026-22977

A vulnerability in the processing of Galois/Counter Mode GCM-encrypted Internet Key Exchange version 2 IKEv2 IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker to cause...

kernel: ext4: fix use-after-free in ext4_orphan_cleanup

A use-after-free vulnerability was found in the ext4 filesystem's orphan inode cleanup routine in the Linux kernel. When ext4inodeattachjinode fails with -ENOMEM during orphan cleanup at mount time, the error is not properly propagated. The inode is freed via iput, but the orphan list still...

kernel: ext4: fix use-after-free in ext4_orphan_cleanup

A use-after-free vulnerability was found in the ext4 filesystem's orphan inode cleanup routine in the Linux kernel. When ext4inodeattachjinode fails with -ENOMEM during orphan cleanup at mount time, the error is not properly propagated. The inode is freed via iput, but the orphan list still...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from errors in memory allocation. This vulnerability may lead to excessive memory allocation and trigg...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37852)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37852 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpucgscreatedevice...

Azure Linux 3.0 Security Update: kernel (CVE-2024-56660)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56660 advisory. - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, prevent potential error...