CVE-2026-53267

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...

CVE-2026-52991

CVE-2026-52991 concerns a race in the Linux kernel PSI subsystem where a use-after-free can occur due to a race between pressure_write and cgroup file release touching the priv member of struct kernfs_open_file. The issue is fixed by widening the scope of the cgroup_mutex in pressure_write to cov...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: phy: qcom: at803x: fix kernel panic with at8031probe When reworking and splitting the at803x driver, a NULL dereference bug was identified in the function that splits at803x PHYs. In this bug, the variable priv is referenced...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: wifi: mwifiex: Do not return unused priv pointers in mwifiexgetprivbyid. mwifiexgetprivbyid returns the priv pointer corresponding to bssnum and bsstype, but without checking whether the priv is actually in use. Unused priv...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fixed the issue with locking the mcast list. The release of priv-lock while iterating over priv-multicastlist in ipoibmcastjointask creates a situation where ipoibmcastdevFlush may remove the items while the iteration i...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY The latest kernel will fail when dealing with the PHY interrupt configuration, as it now relies on allocated private resources. Therefore, running a probe to allocate...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ath9k: Fixed a use-after-free in ath9khifusbrxcb. Syzbot reported a use-after-free during the Read operation in ath9khifusbrxcb. The problem arose from incorrect initialization of htchandle-drvpriv. A likely call stack that...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: fsl-asoc-card: Set priv-pdev before using it The priv-pdev pointer was set after it was used in fslasoccardaudmuxinit. This assignment should be moved to the beginning of the probe function, so that sub-functions can...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Driver core: Bus – Fixed a double-free in the driver API function busregister. For busregister, any error that occurs after ksetregister will cause the @priv variable to be freed twice. This issue was fixed by setting @priv to NU...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: EFI: libstub – Only “free privRuntimeMap” is returned when it is allocated. “privRuntimeMap” is only allocated when “efinovamap” is not set. Otherwise, it remains an uninitialized value. In the error path, “privRuntimeMap” is fre...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Input: imxsckey – fixed memory corruption upon unloading. It should be labeled as “priv”, but we accidentally passed “&priv”, which is an address in the stack. This can lead to memory corruption when the imxsckeyaction function i...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: a potential memory leak has been fixed in mlx5einitreprx. The memory pointed to by the priv-rxres pointer is not freed during the error-prone execution of mlx5einitreprx, which can lead to a memory leak. This issue has...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: “perf trace: Really free the evsel-priv area” In 3cb4d5e00e037c70 “perf trace: Free syscall tp fields in evsel-priv”, it only freed the area if strcmpevsel-tpformat-system, “syscalls” returned zero. However, the initialization of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Pass netdev to mlx5edestroynetdev instead of priv mlx5epriv is an unstable structure that can be memset0 if profile attachment fails. Pass netdev to mlx5edestroynetdev to ensure that it works with a valid netdev. On...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Netfilter: nftables: exthdr: fix for 4-byte stack OOB write issue. If priv-len is a multiple of 4, then dstlen / 4 can write beyond the destination array, leading to stack corruption. This fix is necessary to handle the remainder...

CVE-2026-47956

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

CVE-2026-46075 crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path Unregister the hwrng to prevent new -read calls and flush the Atmel I2C workqueue before teardown to prevent a potential UAF if a queued callback runs while...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlanremoveone. priv is netdev’s private data, and it cannot be used after a freenetdev call. Using priv after freenetdev can cause a UAF bug. This issue is fixed by moving the freenetdev call to the end of the...

SUSE CVE-2026-43050

In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix use-after-free in sockdefreadable A race condition exists between lecatmclose setting priv-lecd to NULL and concurrent access to priv-lecd in sendtolecd, lechandlebridge, and lecatmsend. When the socket is freed via...

CVE-2026-43050 atm: lec: fix use-after-free in sock_def_readable()

In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix use-after-free in sockdefreadable A race condition exists between lecatmclose setting priv-lecd to NULL and concurrent access to priv-lecd in sendtolecd, lechandlebridge, and lecatmsend. When the socket is freed via...