Astra Linux - уязвимость в hdf5

The HDF5 library from version 1.14.3 has a segmentation fault in the H5VM.c function H5VMmemcpyvv...

UBUNTU-CVE-2026-43620

Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recvfiles in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CFINCRECURSE in compatibility flags and sending a...

kernel: out-of-bound read in memcpy_fromiovecend()

A flaw was found in the Linux kernel that allows the userspace to call memcpyfromiovecend and similar functions with a zero offset and buffer length. This can cause a read beyond the buffer boundaries flaw and, in certain cases, cause a memory access fault and a system halt by accessing invalid...

Astra Linux - уязвимость в fig2dev

A out-of-bounds flaw was discovered in the fig2dev version 3.2.8a. A flawed bounds check in the readobjects function could allow an attacker to provide malicious input, causing the application to crash or, in some cases, leading to memory corruption. The greatest threat of this vulnerability is...

CVE-2026-31742

In the Linux kernel, the following vulnerability has been resolved: vt: discard stale unicode buffer on alt screen exit after resize When enteraltscreen saves vcunilines into vcsavedunilines and sets vcunilines to NULL, a subsequent console resize via vcdoresize skips reallocating the unicode...

DEBIAN-CVE-2026-31597

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix use-after-free in ocfs2fault when VMFAULTRETRY filemapfault may drop the mmaplock before returning VMFAULTRETRY, as documented in mm/filemap.c: "If our return value has VMFAULTRETRY set, it's because the mmaplock may b...

EUVD-2026-25490

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix use-after-free in ocfs2fault when VMFAULTRETRY filemapfault may drop the mmaplock before returning VMFAULTRETRY, as documented in mm/filemap.c: "If our return value has VMFAULTRETRY set, it's because the mmaplock may b...

PT-2026-34949

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ocfs2 fault function. This occurs because filemap fault may drop the mmap lock before returning VM FAULT RETRY. In such cases, a concurrent munmap ca...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007480)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007480 advisory. In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb',...

CVE-2026-23343

CVE-2026-23343 involves the Linux kernel XDP tailroom calculation. Docked fixes describe that many ethernet drivers expose rx queue frag size, while xdp_frags_increase_tail() expects a truesize, causing unsigned tailroom to drift toward UINT_MAX and potentially grow tail space, leading to memory ...

CVE-2025-71270 LoongArch: Enable exception fixup for specific ADE subcode

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable exception fixup for specific ADE subcode This patch allows the LoongArch BPF JIT to handle recoverable memory access errors generated by BPFPROBEMEM instructions. When a BPF program performs memory access...

📄 Wireshark Dissector Crash Denial of Service

A vulnerability in the RF4CE Profile protocol dissector of Wireshark versions 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13 allows an attacker to trigger a denial of service condition by supplying a specially crafted IEEE 802.15.4 packet capture file. The flaw exists in the handling of malformed...

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-872)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-872 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992942)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992942 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred ...

CVE-2025-10886

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-40340

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix oops in xegemfault when running corehotunplug test. I saw an oops in xegemfault when running the xe-fast-feedback testlist against the realtime kernel without debug options enabled. The panic happens after corehotunpl...

CVE-2025-40340 drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test.

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix oops in xegemfault when running corehotunplug test. I saw an oops in xegemfault when running the xe-fast-feedback testlist against the realtime kernel without debug options enabled. The panic happens after corehotunpl...

CVE-2022-50647 RISC-V: Make port I/O string accessors actually work

In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb', outsb', etc. which use the physical PCI port I/O address rather than the corresponding memory mapping to get at the requested...

CVE-2022-50647

CVE-2022-50647 relates to a Linux kernel issue on RISC‑V where port I/O string accessors (insb/outsb, etc.) used the physical PCI port I/O address instead of memory mapping, breaking parport/PCIe parallel-port accesses and causing kernel faults (memory access fault: Unable to handle kernel access...

CVE-2025-40272

CVE-2025-40272 affects Linux kernel mm/secretmem: a use-after-free race in the fault handler can occur when two tasks fault on the same secret memory page concurrently. The bug arises from freeing the folio before restoring the direct map, which could let a then-allocated page become accessible a...