Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fixed an issue where the CMA heap fault handler made a mistake in calculating the boundary. Until the VMDONTEXPAND flag was added in commit 1c1914d6e8c6 “dma-buf: heaps: Don’t track CMA dma-buf pages under RssFile...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus – Track the decryption status in vmbusgpadl. In CoCo VMs, it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail, resulting in an error and the shared memory being...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm/slub: Avoid accessing metadata when the pointer is invalid in objecterr. objecterr reports details about an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempti...

SUSE CVE-2026-45971

In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOCMAXCACHESIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensi...

EUVD-2026-31077

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support '--enable-dnscrypt'. A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit...

CVE-2026-32792 Packet of death with DNSCrypt

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support '--enable-dnscrypt'. A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit...

CVE-2026-32792 Packet of death with DNSCrypt

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support '--enable-dnscrypt'. A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Zeroing allocated objects from slabs in the BPF memory allocator Currently, the freed elements in the BPF memory allocator may be reused immediately. For the htab map, reusing these elements will reinitialize special fields ...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021554)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021554 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4evictinode' Syzbot found the following issue:...

CLSA-2026-1778756179 kernel: Fix of 2 CVEs

net: skbuff: propagate shared-frag marker through pskbcopy - Bluetooth: btusb: revert use of devmkzalloc in btusb CVE-2025-71082 - nfsd: fix use-after-free due to delegation race CVE-2021-47506...

SUSE CVE-2026-43285

In the Linux kernel, the following vulnerability has been resolved: mm/slab: do not access current-memsallowedseq if !allowspin Lockdep complains when getfromanypartial is called in an NMI context, because current-memsallowedseq is seqcountspinlockt and not NMI-safe:...

BIT-JAVA-MIN-2024-47606 GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemuxparsetheoraextension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fixed the issue when the kexec target address is allocated in the CMA area. Description of the bug When I tested kexec with the latest kernel, I encountered the following warning: 40.712410 ------------ cut here ---...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flushcpuslab/freeslab invocations in task context. Commit 5a836bf6b09f "mm: slub: move flushcpuslab invocations freeslab invocations out of IRQ context" moved all flushcpuslab invocations to the global workqueue to...

Astra Linux – Vulnerability in ffmpeg5

FFmpeg v.n6.1-3-g466799d4f5 allows for memory consumption when using the colorcorrect filter, specifically in the avmalloc function located at line 105:9 of the libavutil/mem.c file...

CVE-2026-31524

In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in asusreportfixup The asusreportfixup function was returning a newly allocated kmemdup-allocated buffer, but never freeing it. Switch to devmkzalloc to ensure the memory is managed and freed...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011119)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011119 advisory. In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFPKERNEL and GFPATOMIC in convertcontext The following warning was...

EUVD-2026-23816

In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKBSMALLHEADCACHESIZE is intentionally set to a non-power-of-2 value e.g. 704 on x8664 to avoid collisions with generic kmalloc bucket sizes. This ensures that...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in deferfree before accessing freed memory When CONFIGSLUBTINY is enabled, kfreenolock calls kasanslabfree before deferfree. On ARM64 with MTE Memory Tagging Extension, kasanslabfree poisons the memory an...

CVE-2026-23219 mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single

In the Linux kernel, the following vulnerability has been resolved: mm/slab: Add alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be noticed: 3959.023862 ------------ cut here ------------ 3959.023891 alloctag was not clear...