Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: blk-mq: Fixed a possible memory leak when registering the ‘hctx’ structure failed. There is one issue that arises during fault injection tests: An unreferenced object with a size of 512 bytes: bash comm "insmod", pid 308021,...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix to correctly check the readonly condition. In the following case, it is possible to mount a multi-device image with the rw option. However, if one of the secondary devices is set as ro, subsequent updates will cause a...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: xhci: Handling of TD clearing for multiple streams When multiple streams are in use, multiple TDs might be active during the termination of an endpoint. We need to issue a Set TR Dequeue Pointer for each TD to ensure everything i...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211 – Fixed an issue where out-of-bounds access occurred during the multi-link element defragmentation process. Currently, during the multi-link element defragmentation process, the length of the multi-link element is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Net: DSA: Fix for panic upon shutdown if the multi-chip tree fails to probe. DSA probing is atypical because the device tree must probe all devices at once. Thus, out of N switches that call dsatreesetuproutingtable during probin...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: IB/hfi1: Fixed bugs related to non-PAGESIZE-end multi-iovec user SDMA requests. The processing of hfi1 user SDMA requests contains two bugs that can cause data corruption for user SDMA requests with multiple payload iovecs. In...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Ensure visibility when inserting an element into tracingmap. Running the following two commands in parallel on a multi-processor AArch64 machine may occasionally generate an unexpected warning regarding duplicate...

Astra Linux – Vulnerability in hiredis

Hiredis is a minimalistic C client library for the Redis database. In affected versions, Hiredis can be vulnerable to integer overflow if maliciously crafted or corrupted RESP mult-bulk protocol data is provided. When parsing mult-bulk array-like replies, Hiredis fails to check whether count...

Astra Linux – Vulnerability in python-cryptography

In the cryptography package for Python before version 3.3.2, certain sequences of update calls to symmetrically encrypt multi-GB values could lead to integer overflows and buffer overflows, as demonstrated by the Fernet class...

Astra Linux – Vulnerability in glib2.0

A issue was discovered in GNOME GLib before version 2.78.5, and also in versions 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: autofs: Fixed a memory leak in waitqueues in autofscatatonicmode. Syzkaller reports a memory leak: BUG: Memory leak Unreferenced object: 0xffff88810b279e00 size 96 Command: “syz-executor399”, PID 3631, Jiffies: 4294964921 age:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: smartpqi: Correct device removal for multi-actuator devices. Correct device count for multi-actuator drives, which can cause kernel panics...

Astra Linux – Vulnerability in Linux

A out-of-bounds memory write flaw was discovered in the listdevices function within drivers/md/dm-ioctl.c in the Multi-device driver module of the Linux kernel before version 5.12. A bound check failure allows an attacker with special user CAPSYSADMIN privileges to gain access to out-of-bounds...

Astra Linux – Vulnerability in libxml2

In libxml2 versions prior to 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer do not check for integer overflows. This can lead to out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software that uses libxml2...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/dpmst: Fixed the check on the length of the MST sideband message body. The check on the length of the MST sideband message body must ensure that it is at least 1 byte, taking into account the message body CRC also known as th...

Astra Linux – Vulnerability in nss

A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...

QASecClaw: A Multi-Agent LLM Approach for False Positive Reduction in Static Application Security Testing

Static Application Security Testing tools help developers find security vulnerabilities before release, but they often produce many false positives. This increases manual review effort, reduces developer trust, and may cause real vulnerabilities to be ignored among noisy reports. We present...

CyberAId: AI-Driven Cybersecurity for Financial Service Providers

European financial institutions face mounting regulatory pressure while their security operations centres remain constrained not by data or staffing but by reasoning capacity: enterprise SIEMs cover only a fraction of MITRE ATT&CK techniques, two thirds of SOC teams cannot keep pace with alert...

MAL-2026-3287 Malicious code in ams-ssk (npm)

Malicious npm package published by user shetty123 as part of a Telegram account hijacking framework targeting Indian Telegram users. All 31 published versions 1.0.0 through 1.0.33 are malicious. Pairs with common-tg-service, which performs the client-side Telegram account takeover. ams-ssk is the...

Linux Distros Unpatched Vulnerability : CVE-2026-43010

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Reject sleepable kprobemulti programs at attach time kprobe.multi programs run in atomic/RCU context and cannot sleep. However, bpfkprobemultilinkattach di...