CVE-2026-43496

The CVE-2026-43496 issue is in the Linux kernel net/sched sch_red path. When a red qdisc has children (e.g., qfq) whose peek() callback is qdisc_peek_dequeued(), a parent (e.g., tbf) attempting to retrieve an skb could trigger a kernel panic due to a problematic dequeue path. The documented seque...

CVEs

NULL Dereference The vulnerabilities found in cryptofioctl...

PT-2026-42671

Impact A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get epoch chunks which iterates backwards through macro blocks using Policy::macro block before. When it reaches the genesis block number, macro block before...

PT-2026-42453

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kernel panic can occur in the Linux kernel when a Random Early Detection RED queueing discipline qdisc has children, such as a Fair Queueing FQ qdisc, whose peek callback is qdisc peek...

CVE-2026-40092

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...

CVE-2026-40092 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...

EUVD-2026-31197

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...

CVE-2026-40092

Summary: In Nimiq’s Rust-based stack, versions ≤ 1.3.0 of the nimiq-blockchain component are vulnerable to a crafted Kademlia DHT record containing a TaggedSigned with a signature field not exactly 64 bytes. When a victim node processes the record, the Ed25519 signature is parsed via Ed25519Signa...

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: RISCV: Fixed support for runtime constants in Nommu kernels. The runtimefixup32 function does not handle the case where val is zero correctly as may occur when patching a Nommu kernel and referring to a physical address below...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358 – ensure that CBR is set correctly. It was discovered that some devices have the CBR address set to 0, causing kernel panic when archsyncdmaforcpuall is called. This issue occurs when the system is booted fro...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Start the MHI channel after endpoint creation The MHI channel may generate an event/interrupt right after enabling. This can lead to two race condition issues: 1 Such events may be dropped by the qcommhiqrtrdlcallback...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btnxpuart: Fixed kernel panic during firmware release This fix addresses a kernel panic that occurred during the release of firmware in a stress test scenario where WLAN and Bluetooth firmware downloads occur...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not drop the extentmap for the inode of free space during a write error. While running the CI for an unrelated change, I encountered the following panic: with generic/648 on btrfsholesspacecache. The assertion failed:...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/hist: Fix out-of-bound write on ‘actiondata.varrefidx’ When generating a synthetic event with many parameters and then creating a trace action for it 1, a kernel panic occurred 2. This occurs because in traceactioncreate,...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: stmmac: Clearing the variable when destroying the workqueue Currently, when suspending the driver and stopping the workqueue, it is checked whether workqueue is not NULL. If it is NULL, the workqueue is destroyed. The function...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fixed a kernel panic that occurs when the host sends an invalid H2C PDU length. If the host sends an H2CData command with an invalid DATAL value, the kernel may crash in the nvmettcpbuildpduiovec function. This issue...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: fixed a use-after-free in twtimerhandler A real-world panic issue was discovered in Linux 5.4. Bug: Unable to handle a page fault for the address: ffffde49a863de28 PGD: 7e6fe62067 P4D: 7e6fe62067 PUD: 7e6fe63067 PMD:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handling deconfigured sockets When a socket is deconfigured, it is mapped to SOCKEMPTY 0xffff. This causes a panic during the allocation of UV hub info structures. This issue can be fixed by using NUMANONODE,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ice: Do not process extts if PTP is disabled The iceptpexttsevent function can race with iceptprelease, resulting in a NULL pointer dereferencing, which can lead to a kernel panic. A panic occurs because the iceptpexttsevent...