1141 matches found
CVE-2026-53301
The CVE-2026-53301 entry concerns the Linux kernel: a fix for null reset ops in the amlogic t7 reset pathway to prevent a kernel NULL pointer dereference. The issue arises from missing reset ops, with the affected SOC’s reset reportedly not used yet. The connected documents indicate that the reme...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: The can: hi311x module has corrected the ndo_change_mtu function to prevent buffer overflows. Sending a PF_PACKET allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The only check...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ftrace: Fixed a use-after-free issue related to dynamic ftrace_ops. KASAN reported a use-after-free when using ftrace. It was discovered that perf registered two ftrace operations with the same content, both being dynamic. Afte...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fixed NULL pointer dereferencing in adis_init. The adis_init function dereferences adis->ops to check whether the individual function pointers write, read, reset are NULL. However, it does not first check whether...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Added a close callback in the vas_vm_ops structure. The VMA address is saved in the VAS window structure when the paste address is mapped. This VMA address is used during migration to unmap the paste address if...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Fixed the race condition in serdev. The yt2_1380_fc_serdev_probe function calls devm_serdev_device_open before setting the client operations using serdev_device_set_client_ops. This...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: char: tpm: Protect tpm_pm_suspend with locks. Currently, tpm transactions are executed unconditionally in the tpm_pm_suspend function, which may lead to races with other tpm accessors in the system. Specifically, the hw_random tpm driv...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: fixed out-of-bounds access in ops_init. The net_alloc_generic function is called by net_alloc, which does not use any locking mechanisms. It reads max_gen_ptrs, which is modified under the pernet_ops_rwsem context. This reading occur...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: vfio: Split migration operations from main device operations. The vfio core checks whether the driver sets certain migration operations, e.g., set_state/get_state, and accordingly calls those operations. However, currently, the ml...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Team: Fix null-ptr-deref when the team device type is changed. The null-ptr-deref bug occurs as follows with a reproducer 1. Bug: Kernel NULL pointer dereferencing. Address: 0000000000000228… … RIP:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fixed a possible leak of the pernet namespace in smc_init. In smc_init, register_pernet_subsys(&smc_net_stat_ops) is called without any error handling. If this call fails, the registration of &smc_net_ops will not be reversed. And ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Added free_transport operations in ksmbd connections. The free_transport function for TCP connections can be called from smbdirect. This could lead to a kernel error. This patch adds free_transport operations in ksmbd...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: Fixed the return type of netcp_ndo_start_xmit. With Clang’s Kernel Control Flow Integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to ensure that the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: The sun4i_can driver’s ndo_change_mtu function needs to be updated to prevent buffer overflows. Sending a PF_PACKET message allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The only...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: w1: fixed NULL pointer dereferencing in the probe. The w1_uart_probe function calls w1_uart_serdev_open, which includes devm_serdev_device_open, before setting the client ops via serdev_device_set_client_ops. This order can lead to a NULL...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: lwt: Fixed the return values of BPF xmit operations. The BPF encap operations can return different types of positive values, such as NET_RX_DROP, NET_XMIT_CN, NETDEV_TX_BUSY, etc., from the functions skb_do_redirect and...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: atm: clip: Fixed NULL pointer dereferencing in vcc_sendmsg. atmarpd_dev_ops does not implement the send method, which may cause crashes as described below. BUG: NULL pointer dereferencing in the kernel, address: 0000000000000000 P...
CVE-2026-6912
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...
CVE-2026-8431
An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior...
Malicious code in po-ops-local-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ed7a024c524e1a4bc29e2670d7dc00e5aa4c6891650c3c6bf38a2f388f4a3cb9 The OpenSSF Package Analysis project identified 'po-ops-local-dev' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...