PT-2026-37062

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description List corruption and Use-After-Free UAF issues exist in the Bluetooth MGMT command complete handlers. These issues stem from a change in the mgmt pending valid function, which validates a...

GHSA-M7HM-VM4X-28JF apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery

DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g. EC, the unchecked assertion panics and crashes apko. This affects any workflow that initializes the APK...

apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery

DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g. EC, the unchecked assertion panics and crashes apko. This affects any workflow that initializes the APK...

GHSA-P4GQ-3VXJ-F4JQ Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Summary A nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSODELEGATERBACTONAMESPACE=true. Details When getServiceAccountclaims, ssoNamespace...

Incus Vulnerable to Panic via Snapshot Bounds Check

Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The backup restore...

GHSA-4M88-WXJ4-9QJ6 Incus Vulnerable to Panic via Snapshot Bounds Check

Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The backup restore...

Exploit for CVE-2025-40271

🔴 CVE-2025-40271: Vulnerabilidad Crítica de Uso-After-Free en...

RHCOS 4 : OpenShift Container Platform 4.14.40 (RHSA-2024:8700)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8700 advisory. - buildah: Buildah allows arbitrary directory mount CVE-2024-9675 - Podman: Buildah: CRI-O: symlink traversal vulnerability in the...

RHCOS 4 / 9 : OpenShift Container Platform 4.16.0 (RHSA-2024:0045)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0045 advisory. - dnspython: denial of service in stub resolver CVE-2023-29483 - golang: net/http/cookiejar: incorrect forwarding of sensitive...

RHCOS 4 : OpenShift Container Platform 4.15.37 (RHSA-2024:8428)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8428 advisory. - Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9341 - Podman: Builda...

RHCOS 4 : OpenShift Container Platform 4.13.53 (RHSA-2024:8690)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8690 advisory. - Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9341 - buildah: Build...

PT-2026-37053

Name of the Vulnerable Software and Affected Versions apko versions prior to 1.2.7 Description The DiscoverKeys function in pkg/apk/apk/implementation.go performs an unconditional type-assertion of JWKS JSON Web Key Set keys as rsa.PublicKey without verifying the key type. If a repository JWKS...

RHCOS 4 : OpenShift Container Platform 4.16.18 (RHSA-2024:8263)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8263 advisory. - Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9341 - go/parser:...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: consistently handles PLTs. Sometimes it is necessary to use a PLT entry to call a ftrace trampoline. This is handled by ftracemakecall and ftracemakenop, both of which have almost identical logic. However, this iss...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: isotp: split the transmission timer into two parts—transmission and timeout. The timer for the transmission of isotp PDUs previously had two functions: 1. sending two consecutive frames with a specified time interval. 2...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: configfs: Fix a race condition in configfs,unregistersubsystem. When configfsregistersubsystem or configfsunregistersubsystem is executing linkgroup or unlinkgroup, it is possible that two processes add or delete elements from th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fixed a kernel panic that occurred when the reset attempt failed and was triggered again. In SRIOV configuration, the reset may fail to restore the ASIC to normal, but the cpsch function has already been called...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/v3d: Stop the active perfmon before being destroyed When running kmscube with one or more performance monitors enabled via GALLIUMHUD, the following kernel panic can occur: 55.008324 Unable to handle kernel paging request ...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: imx-jpeg: Disabled the unnecessary interrupt to avoid kernel panic. There is a hardware bug where the interrupt STMBUFHALF may be triggered after or when the interrupt is disabled. This can lead to unexpected kernel...

Astra Linux - уязвимость в linux

A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well a...