Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xsk: Validates the MTU against the usable frame size when binding. The AFXDP binding currently accepts zero-copy pool configurations without verifying that the device’s MTU fits within the usable frame space provided by the UMEM...

Astra Linux – Vulnerability in netcdf

The ezxmlnew function in ezXML 0.8.6 and earlier is vulnerable to OOB write attacks when opening an XML file after exhausting the memory pool...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23033)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dmapool resource leak in error paths The dmapool created by dmapoolcreate is not destroyed when dmaasyncdeviceregister or ofdmacontrollerregister fails, causing a resource leak in the probe error paths. A...

CVE-2026-44890

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending specially crafted Redis payloads across multiple connections without proper termination. This can exhaust the server's direct memory pool, leading to a Denial of Service DoS condition where legitima...

SUSE CVE-2026-44890

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

CVE-2026-48006 Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

CVE-2026-48006 Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

EUVD-2026-36492

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

GHSA-6JV9-X5W9-2CCM Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Impact The RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate completes. The handler retains child messages in per-handler state depths field but defines no channelInactive, handlerRemoved, or...

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to improper cleanup of pooled direct-memory buffers in the RedisArrayAggregator function. An attacker can exhaust the JVM-wide direct-memory pool by repeatedly opening and closing...

Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Impact The RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate completes. The handler retains child messages in per-handler state depths field but defines no channelInactive, handlerRemoved, or...

PT-2026-48682

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description The RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

Astra Linux - уязвимость в netcdf

The ezxmltoxml function in ezxml 0.8.6 and earlier is vulnerable to out-of-band OOB writes when opening an XML file after exhausting the memory pool...

Astra Linux - уязвимость в wayland

An internal reference count is maintained on the buffer pool; this count increments every time a new buffer is created from the pool. The reference count is stored as an integer. On LP64 systems, this can lead to an overflow if the client creates a large number of wlshm buffer objects, or if it...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cgroup/dmem: avoided UAF in the pool An UAF issue was observed: BUG: KASAN: slab-use-after-free in pagecounteruncharge+0x65/0x150 Write of size 8 at addr ffff888106715440 by task insmod/527 CPU: 4 UID: 0 PID: 527 Comm: insmod...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Firmware: stratix10-svc – A potential resource leak has been fixed in svccreatememorypool. svccreatememorypool is only called from stratix10svcdrvprobe. Most of the resources within the probe are managed, but this memremap call i...

Nimiq 数字错误漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a numerical error vulnerability. This vulnerability stems from the nimiq-account contract’s VestingContract::canchangebalance function, which returns AccountError::InsufficientFund...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011220)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011220 advisory. In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref in raid10syncrequest initresync inits mempool and sets...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011319)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011319 advisory. In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: Fix a potential resource leak in svccreatememorypool svccreatememorypool...

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-013408)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013408 advisory. In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse in btreeiter btreeiter is used in two ways: either...