Security update 5.0.8 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Security Fixes: CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248707 golang-github-prometheus-nodeexporter: Backward Compatibility and packaging changes: Added compatibility for Go...

Security update 5.0.8 for Multi-Linux Manager Client Tools, Salt Bundle and Salt

This update fixes the following issues: golang-github-prometheus-nodeexporter: Version 1.10.2: meminfo: Fix typo in Zswap metric name Version 1.10.1: filesystem: Fix mount points being collected multiple times filesystem: Refactor mountinfo parsing bsc1261810 meminfo: Add Zswap/Zswapped metrics...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: brwimac: pcie: handling of randbuf allocation failure The kzalloc function in brwimacpciedownloadfwnvram will return null if physical memory runs out. As a result, if we use getrandombytes to generate random bytes into the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: A memory leak has been fixed in the ipcpciereadbioscfg function. The ipcpciereadbioscfg function uses acpievaluatedsm to obtain the wwan power state configuration from the BIOS. However, it does not free the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: brdfiamac – Check for the probe id argument being NULL The probe id argument may be NULL in two scenarios: 1. When brdfiamacpciepmleaveD3 calls brdfiamacpcieprobe to reprobe the device. 2. When a user attempts to manually...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: PCI: Keystone: Fixed a NULL pointer dereferencing issue in case of a DT error in kspciesetuprcapp regs. If IORESOURCEMEM is not provided in the Device Tree due to any error, resourcelistfirsttype will return NULL, and...

CLSA-2026-1778266904 kernel: Fix of 188 CVEs

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present - xfrm: esp: avoid in-place decrypt on shared skb frags - clk: Fix clkhwgetclk when dev is NULL CVE-2022-49187 - x86/sgx: Add overflow check in sgxvalidateoffsetlength CVE-2022-49785 - ext4: init quota for 'old.inode' in...

CLSA-2026-1778125769 qemu-kvm: Fix of 3 CVEs

CVE-2023-3019: net: improper synchronization in net device backends - CVE-2023-42467: scsi-disk: division by zero in scsidiskemulatemodeselect - CVE-2024-26327: pciesriov: NumVFs validation buffer overflow...

PHOENIX CONTACT多款产品 安全漏洞

PHOENIX CONTACT FL MGUARD 2102, among others, are products of the German company PHOENIX CONTACT. PHOENIX CONTACT FL MGUARD 2102 is a router. PHOENIX CONTACT FL MGUARD 2105 is also a router. PHOENIX CONTACT FL MGUARD represents a series of routers. Several products from PHOENIX CONTACT have...

CVE-2026-43130

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode Commit 4fc82cd907ac "iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected" relies on pcidevisdisconnected to skip ATS...

PT-2026-37470

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode Commit 4fc82cd907ac "iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected" relies on pci dev is disconnected to skip ATS...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: PCI: rcar: Demote WARN to devwarnratelimited in rcarpciewakeup Avoid large backtrace, it is sufficient to warn the user that there has been a link problem. Either the link has failed and the system is in need of maintenance, or t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bnxten: The FW DMA is stopped in bnxtshutdown. The netifclose call in bnxtshutdown only stops packet DMA. There may be FW DMA for trace logging recently added, which will continue. If we execute an kexec to a new kernel, the DMA...

Astra Linux - уязвимость в qemu

An issue was discovered in QEMU 7.1.0 through 8.2.1. registervfs in hw/pci/pciesriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisipcie: Fixed out-of-bound access when a valid event group is involved. The perf tool allows users to create event groups using the cmd 1. However, the driver does not check whether the array index is out of bound...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf/dwcpcie: fix duplicate pcidev devices During platformdeviceregister, wrongly using struct device pcidev as platformdata caused a kmemdup copy of pcidev. Worse still, accessing the duplicated device leads to list corruption a...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix NULL pointer dereference in iwlpcieirqrxmsixhandler rxq can only be NULL when transpcie-rxq is NULL and entry-entry is zero. In cases where entry-entry is not equal to 0, rxq will not be NULL, even if...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013095)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013095 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdnspcie::ops before using it cdnspcie::ops might not be...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011322)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011322 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdnspcie::ops before using it cdnspcie::ops might not be...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013247)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013247 advisory. Two memory leaks in the mwifiexpcieinitevtring function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a...