Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Correctly handled csum tree errors with rescue=ibadroots. BUG There is a syzbot-based reproducer that can cause the kernel to crash. The call trace is as follows with some debug output added: DEBUG: rescue=ibadroots...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3request-numqueuedsgs is decremented on completion. If a partially completed request is handled, then the dwc3request-numqueuedsgs no longer reflects the total number of...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for xfrm realdev null pointer dereference We should not set realdev to NULL, because packets may still be in transit, and xfrm might call xdodevoffloadok in parallel. All callbacks assume that realdev is set. Example...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed the missing .istwopixelspercontainer field. Starting with version 6.11, the AMDGPU driver, when loaded with amdgpu.dc=1, may cause a NULL pointer dereferencing on PCs with older GPUs, such as R9 280X. This...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: SCSI: QLA2XXX – Fixed potential NULL pointer dereferencing issues. The Klocwork tool reported that “curdsd” might be dereferenced. A fix has been added to validate the pointer before dereferencing it...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Added a check for the return value of spiimxsetupxfer. The function pointers spiimx-rx and spiimx-tx can be NULL when spiimxsetupxfer returns an error. NULL pointers can be dereferenced, which is not supported in th...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fbaddvideomode to prevent nullptrderef. The fbaddvideomode function may fail with -ENOMEM if its internal kmalloc function cannot allocate a struct fbmodelist. In such cases, the modelist remains empty, but th...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fixed a potential nullptrderef issue in toatmarpd. atmarpd is protected by RTNL since commit f3a0592b37b8 “ATM: clip causes unregister hang”. However, this does not suffice, as toatmarpd is called without RTNL, and...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fixed null-ptr-deref in r5lFlushStripeToRaid The r5lFlushStripeToRaid function will check whether the list ‘flushingios’ is empty. It will then submit ‘flushbio’. However, r5llogFlushEndio clears the list first, a...

Astra Linux - уязвимость в linux-5.10, linux

A NULL pointer dereference flaw exists in the diFree function in the fs/jfs/inode.c file of the Journaled File System JFS in the Linux kernel. This flaw could allow a local attacker to crash the system or leak internal kernel information...

OESA-2026-2191 compat-openssl11 security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An...

OESA-2026-2173 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmptagvalidation icmptagvalidation unconditionally dereferences the result of rcudereferenceinetprotosproto without checki...

PT-2026-36705

Name of the Vulnerable Software and Affected Versions Telegram Desktop versions prior to 6.7.6 Description A null pointer dereference a condition where a program attempts to read from a memory address that is null, typically causing a crash can be triggered remotely in the Bot API component. The...

Telegram Desktop 安全漏洞

Telegram Desktop is the desktop version of Telegram’s open-source instant messaging mobile application. Versions of Telegram Desktop prior to 6.7.5 contained a security vulnerability. This vulnerability stemmed from the function RequestButton in the Bot API component, specifically the handling of...

Null-pointer dereference and double-free via safe APIs

Two soundness violations exist in the Rust bindings for MetaCall: Null-pointer dereference: MetaCallFuture::newraw accepts a raw pointer without validation. The Debug impl calls Box::fromrawself.data on it. Passing a null pointer causes the Debug impl to construct a NonNull from null, producing...

CVE-2026-6525 NULL Pointer Dereference in Wireshark

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

ntp: Fix of 2 CVEs

CVE-2018-7185: unauthenticated packet with a zero-origin timestamp can reset an authenticated interleave association leading to denial of service. - CVE-2019-8936: NULL pointer dereference triggered by an authenticated mode 6 control packet with no value field...

Linux Distros Unpatched Vulnerability : CVE-2026-31728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: uether: Fix race between getherdisconnect and ethstop A race condition between getherdisconnect and ethstop leads to a NULL pointer dereference...

CVE-2026-31749

A flaw was found in the niatmio16d driver within the Comedi Comedi is a collection of drivers for data acquisition equipment subsystem of the Linux kernel. This vulnerability occurs when an error during the driver's attach process causes the cleanup function atmio16ddetach to be called with...

CVE-2026-31736

A flaw was found in the Linux kernel's mtkppe Ethernet driver. When the gmac0 interface is disabled, a precheck for a valid ingress device can lead to a NULL pointer dereference. This vulnerability can cause a system crash, resulting in a Denial of Service DoS...