Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: vidtv: Fixed a null pointer dereference in vidtvmuxstopthread. A report from syzbot indicated a null pointer dereference in vidtvmuxstopthread. 1 If dvb-mux is not initialized successfully by vidtvmuxinit during...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: mux: reg: Check the return value after calling platformgetresource. This issue could lead to a null-ptr-deref in resourcesize, if platformgetresource returns NULL. It is recommended to move the call to resourcesize after...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: “Revert ‘tty: ngsm: fix UAF in gsmcleanupmux’” This reversion involves commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. The above commit was reverted because it did not solve the original issue. The gsmcleanupmux function attempt...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: tty: ngsm: Fixed a use-after-free in gsmcleanupmux. Bug: KASAN: Slab-use-after-free in gsmcleanupmux+0x77b/0x7b0. drivers/tty/ngsm.c:3160 ngsm Read of size 8 at addr ffff88815fe99c00 by task poc/3379. CPU: 0; UID: 0; PID: 3379...

EUVD-2026-27759

In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in prussclkmuxsetup In the prussclkmuxsetup, the devmaddactionorreset indirectly calls prussoffreeclkprovider, which calls ofnodeputclkmuxnp on the error path. However, after the devmaddactionorres...

CVE-2026-43196

In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in prussclkmuxsetup In the prussclkmuxsetup, the devmaddactionorreset indirectly calls prussoffreeclkprovider, which calls ofnodeputclkmuxnp on the error path. However, after the devmaddactionorres...

CVE-2026-43196 soc: ti: pruss: Fix double free in pruss_clk_mux_setup()

In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in prussclkmuxsetup In the prussclkmuxsetup, the devmaddactionorreset indirectly calls prussoffreeclkprovider, which calls ofnodeputclkmuxnp on the error path. However, after the devmaddactionorres...

CVE-2026-43155 mux: mmio: fix regmap leak on probe failure

In the Linux kernel, the following vulnerability has been resolved: mux: mmio: fix regmap leak on probe failure The mmio regmap that may be allocated during probe is never freed. Switch to using the device managed allocator so that the regmap is released on probe failures e.g. probe deferral and ...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a double deallocation in the prussclkmuxsetup function within the soc ti pruss code...

PT-2026-37536

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the pruss clk mux setup function. The devm add action or reset function indirectly triggers pruss of free clk provider, which executes of node putclk mux np...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: mux: Added checks and calls to kstrdup. A check is performed on the return value of kstrdup; if it fails, an error is returned to avoid NULL pointer dereferencing. Additionally, kfree is used in the subsequent error...

GHSA-JJ45-XVQ5-RHH9 Kratos has a Confused Deputy issue

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

Kratos has a Confused Deputy issue

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

CVE-2026-6993

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

CVE-2026-6993 go-kratos http.DefaultServeMux Fallback server.go NewServer confused deputy

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

EUVD-2026-25669

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

CVE-2026-6993

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

PT-2026-34937

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the vidtv driver. When the vidtv start streaming function fails within vidtv start feed, the nfeeds counter remains incremented despite no feed being started. Thi...

PT-2026-31352

Summary The cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. Details The cache server is routed in the pre-mux chain in the shard code. The...

GHSA-5FG6-WRQ4-W5GH AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass

VULNERABILITY: HTTP/2 Cleartext h2c Upgrade Authentication Bypass ======================================================================== Severity: CRITICAL CVSS 3.1: 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE: CWE-287 Improper Authentication Component: internal/home/web.go Affected:...