Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/slub: A check for s-flags was added in the alloctaggingslabfree hook function. When CONFIGMEMCG, CONFIGKFENCE, and CONFIGKMEMLEAK are enabled, the following warning always occurs. This is because the following call stack...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: xfrm: Update ipcompscratches with NULL when freed Currently, if ipcompallocscratches fails to allocate memory, ipcompscratches holds an obsolete address. Therefore, when we try to free the percpu scratches using...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: SELinux: The use of both GFPKERNEL and GFPATOMIC in convertcontext was enabled. The following warning was triggered in a hardware environment: SELinux: Converting 162 SID table entries... BUG: The sleeping function was called...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/rds: Fixed a circular locking dependency in rdstcptune syzbot reported a circular locking dependency in rdstcptune, where sknetrefcntupgrade is called while holding the socket lock:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netpoll: Fixed a deadlock in memory allocation under spinlock. A deadlock occurred in the refillskbs function, where memory allocation while holding skbpool-lock could trigger a recursive lock acquisition attempt. This deadlock...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fixed a memory leak in mlx5eptpopen. When kvzallocnode or kvzalloc fails in mlx5eptpopen, the memory pointed to by “c” or “cparams” is not freed, which can lead to a memory leak. This issue has been fixed by freeing th...

Astra Linux – Vulnerability in Thrift

In Apache Thrift versions 0.9.3 to 0.13.0, malicious RPC clients could send short messages, resulting in a large memory allocation and potentially causing a denial of service...

Astra Linux – Vulnerability in Linux 5.15

A issue was discovered in the Linux kernel before version 6.3.4. In the fs/ksmbd/connection.c file of ksmbd, there is an off-by-one error in memory allocation due to ksmbdsmb2checkmessage, which may lead to out-of-bounds access...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommususpend. The iommususpend system call’s suspend callback is invoked with IRQs disabled.allocating memory with the GFPKERNEL flag may re-enable IRQs during the suspend callback, which ca...

CVE-2026-6948

CVE-2026-6948 affects Velociraptor servers prior to version 0.76.4, where the VQLResponse Result-Set Writer can allocate memory unboundedly in the agent control channel. A compromised Velociraptor client can trigger an Out-Of-Memory (OOM) condition, crashing the server by sending crafted messages...

Linux Distros Unpatched Vulnerability : CVE-2026-21728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy...

CVE-2026-31706

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate numaces and harden ACE walk in smbinheritdacl smbinheritdacl trusts the on-disk numaces value from the parent directory's DACL xattr and uses it to size a heap allocation: acesbase = kmallocsizeofstruct smbace...

CVE-2026-43055

The CVE-2026-43055 issue affects the Linux kernel SCSI target: file implementation. The root cause is that target_core_file does not initialize aio_cmd->iocb for ki_write_stream, which can yield a bogus ki_write_stream value during fd_execute_rw_aio() and lead to unintended write failure statu...

CVE-2026-43044

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as...

CVE-2026-43044

The CVE-2026-43044 issue affects the Linux kernel's crypto: caam module. When processing HMAC keys longer than the block size, the copied key’s memory was not properly aligned for DMA, risking corruption of adjacent memory. The vulnerability’s root cause was the allocation of a copy that relied o...

EUVD-2026-26559

In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: Fix memory leak with CCA cards used as accelerator Tests showed that there is a memory leak if CCA cards are used as accelerator for clear key RSA requests ME and CRT. With the last rework for the memory allocation t...

EUVD-2026-26515

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate numaces and harden ACE walk in smbinheritdacl smbinheritdacl trusts the on-disk numaces value from the parent directory's DACL xattr and uses it to size a heap allocation: acesbase = kmallocsizeofstruct smbace...

CVE-2026-31706

In ksmbd (Linux kernel), CVE-2026-31706 is due to a validation flaw in smb_inherit_dacl(): the on-disk num_aces from a parent directory’s security.NTACL is trusted to size a heap allocation (kmalloc(sizeof(struct smb_ace) * num_aces * 2)) without verifying consistency with pdacl_size. An authenti...

PT-2026-36461

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as...

Wireshark 2.0.x < 2.0.11 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.0.11. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.0.11 advisory. - In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet...