CVE-2026-40290

OP-TEE (Trusted Execution Environment) on Arm Cortex-A with TrustZone suffers a Use-After-Free race in FF-A shared-memory teardown when OP-TEE is configured as an SPMC for S-EL0 SPs (CFG_SECURE_PARTITION=y). The bug lies in sp_mem_remove() not acquiring the global sp_mem_lock before freeing entri...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: vdpa/vpvdpa: fixed an issue where the wrong pointer was passed as an argument to vpvdparemove. In vpvdparemove, the code kfree&vpvdpamgtdev-mgtdev.idtable uses a reference to a pointer as an argument to kfree. This is a wrong...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: x86/mm: The window where TLB flushes may be inadvertently skipped has been eliminated. TL;DR: There is a window in the MM switching code where the new CR3 is set, and the CPU should receive TLB flushes for the new MM. However,...

Linux Distros Unpatched Vulnerability : CVE-2026-43432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: xhci: Fix memory leak in xhcidisableslot xhcialloccommand allocates a command structure and, when the second argument is true, also allocates a completion...

BIT-JAVA-MIN-2025-6052 Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

Adobe Substance3D Stager Resource Management Error Vulnerability (CNVD-2026-16826)

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance3D Stager. The vulnerability stems from a mix-up in the instructions responsible for freeing memory, which can be exploited by attacker...

SUSE CVE-2026-33984

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resizevbarentry in libfreerdp/codec/clear.c, vBarEntry-size is updated to vBarEntry-count before the winpralignedrecalloc call. If realloc fails, size is inflated while pixels still points to the old,...

CVE-2026-23077 mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge

In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix anonvma UAF on mremap faulted, unfaulted merge Patch series "mm/vma: fix anonvma UAF on mremap faulted, unfaulted merge", v2. Commit 879bca0a2c4f "mm/vma: fix incorrectly disallowed anonymous VMA merges" introduced th...

ROS-20260203-73-0042

A vulnerability in the phyledtriggers.c component of the Linux operating system kernel is related to improper memory freeing before deleting the last reference. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38071)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38071 advisory. - In the Linux kernel, the following vulnerability has been resolved: x86/mm: Check return value from...

Microsoft Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CNVD-2026-17152)

Microsoft Windows Ancillary Function Driver for WinSock is an ancillary function driver for Winsock from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Windows Ancillary Function Driver for WinSock, which is caused by freeing memory in the WinSock Ancillary Function...

RHEL 9 : webkit2gtk3 (RHSA-2025:23974)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23974 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: webkitgtk: Use-after-free...

RockyLinux 8 : webkit2gtk3 (RLSA-2025:23663)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23663 advisory. webkitgtk: webkitgtk: Use-after-free due to improper memory management CVE-2025-43529 webkitgtk: Processing maliciously crafted web content may lead to ...

Linux Distros Unpatched Vulnerability : CVE-2025-68199

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - codetag: debug: handle existing CODETAGEMPTY in markobjextsempty for slabobjext When allocslabobjexts fails and then later succeeds in allocating a slab...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989521)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989521 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: don't BUG if someone dirty pages without asking ext4 first unpinuserpagesremote is dirtying...

PT-2025-44869

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.2 iPadOS versions prior to 18.7.2 watchOS versions prior to 26.1 Safari versions prior to 26.1 visionOS versions prior to 26.1 Description A use-after-free issue existed due to improper memory management. Processing...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: mm: userfaultfd: fix race of userfaultfdmove and swap cache This commit fixes two kinds of races, they may have different results: Barry reported a BUGON in commit c50f8e6053b0, we may see the same BUGON if the filemap lookup...

CVE-2022-50466 fs/binfmt_elf: Fix memory leak in load_elf_binary()

In the Linux kernel, the following vulnerability has been resolved: fs/binfmtelf: Fix memory leak in loadelfbinary There is a memory leak reported by kmemleak: unreferenced object 0xffff88817104ef80 size 224: comm "xfsadmin", pid 47165, jiffies 4298708825 age 1333.476s hex dump first 32 bytes: 00...

CVE-2022-50423 ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix use-after-free in acpiutcopyipackagetoipackage There is an use-after-free reported by KASAN: BUG: KASAN: use-after-free in acpiutremovereference+0x3b/0x82 Read of size 1 at addr ffff888112afc460 by task modprobe/2111...