CVE-2026-4610

CVE-2026-4610 affects the ProfileGrid – User Profiles, Groups and Communities WordPress plugin. The vulnerability is a Stored Cross-Site Scripting flaw in the function pm_send_message_to_author via the pm_author_message parameter, present in all versions up to and including 5.9.9.2. It arises fro...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: lvds: fix PM usage counter unbalance in poweron The pmruntimegetsync function will increment the PM usage counter even if it fails. Forgetting to replace this function with the newer pmruntimeresumeandget function...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: soc: brcmstb: pm-arm: Fixed bugs related to reference count leaks and iomem leaks. In brcmstbpmprobe, there are two types of leak bugs: 1 We need to add ofnodeput when foreachmatchingnode breaks. 2 We need to call iounmap for...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: ti: dra7-atl: Fixed a reference leak in ofdra7atlclkprobe. pmruntimegetsync will increment the pm usage counter. Forgetting to perform the necessary operations will result in a reference leak. Added the missing...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: media: mediatek: vcodec: fix decoder disable PM crash It is not possible to call pmruntimedisable when the architecture supports a sub-device for “dev-pm.dev” is NUll, or it may cause a crash log. 10.771551 pc :...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/pm: fixed a random hang during S4 for SMU v13.0.4/11. During multiple S4 stress tests, GC/RLC/PMFW entered an invalid state, resulting in hard hangs. Adding a GFX reset as a workaround just before sending the MP1UNLOAD...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: spi: stm32-ospi: Fixed a resource leak in the remove callback. The remove callback returned early if pmruntimeresumeandget failed, thereby skipping the cleanup of the SPI controller and other resources. The early return was remov...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fixed a reference leak when pmruntimegetsync fails. The PM reference count is not expected to be incremented on the return in lpi2cimxmasterenable. However, pmruntimegetsync will still increment the PM reference...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Drivers: Ethernet: cpsw – Fixed a panic that occurs when the coalece interrupt is set using ethtool. The cpswethtoolbegin function directly returns the result of pmruntimegetsync when it is successful. pmruntimegetsync returns...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iio: adc: rzg2ladc: Set the driver data before enabling runtime PM When performing stress tests on the system by repeatedly unbinding and binding the ADC device in a loop, and the ADC serves as a supplier for another device e.g.,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevents recovery work from being queued during device removal. Use disableworksync instead of cancelworksync in ivpudevfini to ensure that no new recovery work items can be queued after device removal has started...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fixed a runtime suspension deadlock that occurred when there was a pending job. The runtime suspension callback drains the running job’s workqueue before suspending the device. If a job is still executing and calls...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: - spi: rockchip: Fixed improper handling of runtime PM/system PM operations. The commit e882575efc77 “spi: rockchip: Suspend and resume the bus during NOIRQSYSTEMSLEEPPM ops” no longer respects the runtime PM status and simply...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fixed a missing runtime PM reference in ccsmodestore. ccsmodestore calls xegtreset, which internally invokes xepmruntimegetnoresume. This function requires the caller to already hold an outer runtime PM reference, and war...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PM: sleep: The spurious WARNON message from pmrestoregfpmask was removed. Commit 35e4a69b2003f “PM: sleep: Allow pmrestrictgfpmask stacking” introduced a refcount-based GFP mask management mechanism. This mechanism would issue a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevention of division by zero The user can set any speed value. If the speed is greater than UINTMAX/8, a division by zero is possible. Found by the Linux Verification Center linuxtesting.org with SVACE...

CVE-2026-46292

In the Linux kernel, the following vulnerability has been resolved: pmdomain: core: Fix detach procedure for virtual devices in genpd If a device is attached to a PM domain through genpddevpmattachbyid, genpd calls pmruntimeenable for the corresponding virtual device that it registers. While this...

CVE-2026-46292

In the Linux kernel, the following vulnerability has been resolved: pmdomain: core: Fix detach procedure for virtual devices in genpd If a device is attached to a PM domain through genpddevpmattachbyid, genpd calls pmruntimeenable for the corresponding virtual device that it registers. While this...