Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A bug in markbufferdirty was fixed, as it previously caused a warning when buffers were discarded and reused. A syzbot stress test using a corrupted disk image revealed that markbufferdirty called from nilfsmark inodedirt...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in the AMD nested virtualization SVM feature of the KVM. A malicious L1 guest could intentionally fail to intercept the shutdown of a cooperative nested guest L2, potentially causing a page fault and kernel panic in the host L0...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Returning NULL pointer in case of allocation failures When the TRBE driver fails to allocate a buffer, it currently returns the error code “-ENOMEM”. However, the caller etmsetupaux only checks for a NULL pointer...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ionic: catch failure from devlinkalloc A check for NULL has been added to the return value of devlinkalloc. If devlinkalloc fails and we attempt to use devlinkpriv on a NULL return value, the kernel will become very upset and...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on inlinedots inode As Wenqing reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215765 It will cause a kernel panic with steps: - mkdir mnt - mount tmp40.img mnt - ls mnt...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath11k – The “clear initialized flag” for deinitialized srng lists In several cases, we observe kernel panics upon resuming operations due to ath11k kernel page faults. This occurs under the following circumstances: 1...

Astra Linux - уязвимость в linux-5.15, linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Avoid device tree lookups in rtasosterm. rtasosterm is called during panic. Its behavior depends on several conditions in the /rtas node of the device tree; traversing these nodes involves locking and changes to loc...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Ensure that the descriptor has been set before checking maxpacket. This fixes a null pointer panic in this case. This issue may occur if the gadget does not properly set up the endpoi...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: TCP: Add sanity checks to rx zerocopy The purpose of TCP rx zerocopy is to map pages initially allocated by NIC drivers, not pages owned by a file system. This patch adds additional checks to canmapfrag: - The page must not be a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: mana: Fixed the Rx DMA data size and skboverpanic. The function managetrxbufcfg aligns the DMA data size of the RX buffer to be a multiple of 64. As a result, a packet slightly larger than mtu+14, say 1536, can be receive...

Linux Distros Unpatched Vulnerability : CVE-2026-31726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe usb: gadget: uvc: allow for application to cleanly shutdown introduced two...

SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2026:1641-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1641-1 advisory. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032:...

CVE-2026-31726

A flaw was found in the Linux kernel's USB Video Class UVC gadget driver. A race condition during power management PM transitions can cause a null pointer dereference. This occurs when the system attempts to access a deallocated gadget pointer, leading to a kernel panic. This vulnerability can be...

Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationRuntime & IntegrationServer operands are vulnerable to loss of confidentiality (CVE-2026-27137) and denial of service (CVE-2026-27138)

Summary IBM App Connect Enterprise Certified Container operator and IntegrationRuntime & IntegrationServer operands are vulnerable to loss of confidentiality CVE-2026-27137 and denial of service CVE-2026-27138. This bulletin provides patch information to address the reported vulnerability in Gola...

CVE-2026-43012

A flaw was found in the Linux kernel's net/mlx5 driver. This vulnerability occurs when the switchdev mode fails to initialize or transition correctly, leading to an improper rollback to legacy mode. During this rollback, the system attempts to unregister an already unregistered uplink network...

CVE-2026-43043

In the Linux kernel, the following vulnerability has been resolved: crypto: af-alg - fix NULL pointer dereference in scatterwalk The AFALG interface fails to unmark the end of a Scatter/Gather List SGL when chaining a new afalgtsgl structure. If a sendmsg fills an SGL exactly to MAXSGLENTS, the...

CVE-2026-43043

In the Linux kernel, the following vulnerability has been resolved: crypto: af-alg - fix NULL pointer dereference in scatterwalk The AFALG interface fails to unmark the end of a Scatter/Gather List SGL when chaining a new afalgtsgl structure. If a sendmsg fills an SGL exactly to MAXSGLENTS, the...

CVE-2026-43043

The CVE describes a Linux kernel vulnerability in the AF_ALG crypto interface where chaining a new af_alg_tsgl structure can leave the end marker of the previous Scatter/Gather List uncleared when a sendmsg exactly fills MAX_SGL_ENTS. This causes sg_next() to return NULL, potentially leading to a...

CVE-2026-43043 crypto: af-alg - fix NULL pointer dereference in scatterwalk

In the Linux kernel, the following vulnerability has been resolved: crypto: af-alg - fix NULL pointer dereference in scatterwalk The AFALG interface fails to unmark the end of a Scatter/Gather List SGL when chaining a new afalgtsgl structure. If a sendmsg fills an SGL exactly to MAXSGLENTS, the...

PT-2026-36460

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The AF ALG interface fails to unmark the end of a Scatter/Gather List SGL when chaining a new af alg tsgl structure. If the sendmsg function fills an SGL exactly to MAX SGL ENTS, the las...