829 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fixed the null-ptr-deref read operation in txBegin. Syzkaller reported an issue where txBegin might be called on a superblock within a read-only mounted file system, leading to a NULL pointer dereference. This issue can b...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: erofs: fixed the UAF issue for file-backed mounts with the directio option. 9.269940 T3222 Call trace: 9.269948 T3222 ext4_file_read_iter+0xac/0x108 9.269979 T3222 vfs_iocb_iter_read+0xac/0x198 9.269993 T3222...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: Do not allow id-mapping changes without OPEN_TREE_CLONE. As described in commit 7a54947e727b (Merge patch series “fs: allow changing idmappings”), open_tree_attr(2) was necessary to allow for a detached mount to be created...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs: dropping peer group IDs under namespace lock. When cleaning up peer group IDs in the failure path, we need to ensure that the namespace lock is retained. Otherwise, another thread might simultaneously change the mount status...
Astra Linux – Vulnerability in runc-app
Runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, as well as 1.3.0-rc.1 through 1.3.1, and 1.4.0-rc.1 and 1.4.0-rc.2, runc did not perform sufficient verification to ensure that the source of the bind-mount i.e., the container’...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refusal to operate on unmounted/not ours mounts. It is ensured that propagation settings can only be changed for mounts located within the caller’s mount namespace. This change aligns permission checks with those of...
PT-2026-51058
Name of the Vulnerable Software and Affected Versions: containerd versions prior to 2.1.9; containerd versions prior to 2.2.5; containerd versions prior to 2.3.2. Description: The CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image...
kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions
A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...
EUVD-2026-35392
TYPO3 CMS: Destructive Actions on File Mount Folders...
GHSA-3V8V-4WG6-R7QH TYPO3 CMS: Destructive Actions on File Mount Folders
Problem: Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. Solution: Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS,...
DEBIAN-CVE-2026-42306
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...
EUVD-2026-35399
TYPO3 CMS has Broken Access Control in Backend API...
CVE-2026-42306
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...
CVE-2026-47352
Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...
SUSE CVE-2026-46329
In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...
CVE-2026-46329
In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...
UBUNTU-CVE-2026-46329
In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...
CVE-2026-46329
In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...
CVE-2026-46329 erofs: handle end of filesystem properly for file-backed mounts
In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...
EUVD-2026-35430
In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...