Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Added a call to putpid. Added a call to putpid corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID; therefore, we need to free it here to avoid leaks. [email protected]: reword...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: misc: fastrpc: Do not remove the map from createprocess and devicerelease functions. Do not remove the map from the list during the error handling in fastrpcinitcreateprocess. Instead, call fastrpcmapput to avoid a...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RISCV: Process: Fix kernel information leakage The s12 element of the threadstruct may contain random kernel memory contents, which could potentially be leaked to the user space. This is a security flaw. To address this issue,...

Astra Linux – Vulnerability in WebKit2GTK

The issue was resolved through improved checks. This issue is fixed in Safari 18, iOS 18, iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, and watchOS 11. Processing maliciously crafted web content may result in an unexpected process crash...

Astra Linux – Vulnerability in Thunderbird

The parent process does not properly check whether the Speech Synthesis feature is enabled when receiving instructions from a child process. This vulnerability affects Thunderbird 91.9...

Astra Linux – Vulnerability in WebKit2GTK

This issue has been addressed through improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, and watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

Astra Linux – Vulnerability in Chromium

Before version 94.0.4606.54, using the "after free" mechanism in Performance Manager in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/hpre – fixed a resource leak in the remove process. In hpreremove, when the disable operation of qm sriov fails, the following logic should continue to be executed to release the remaining resources that have be...

Astra Linux – Vulnerability in binutils

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file...

Astra Linux – Vulnerability in Chromium

Before version 94.0.4606.61, using "use after free" in Portals within Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ICE: Fixed ‘scheduling while atomic’ in aux critical error interrupts There is a kernel bug related to processing aux critical error interrupts in icemiscintr: 2100.917085 BUG: Scheduling while atomic: swapper/15/0/0x00010000… …...

Astra Linux - уязвимость в linux

An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that all...

Astra Linux – Vulnerability in WebKit2GTK

This issue has been resolved through improved memory handling. This issue is fixed in Safari 26, iOS 26, iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, and watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash...

Astra Linux – Vulnerability in WebKit2GTK

A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in Safari 26.1, iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, and watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tcp: tcprtxsynack can be called from process context Laurent reported the enclosed report 1 This bug triggers under the following conditions: 0 The kernel is built with CONFIGDEBUGPREEMPT=y 1 A new passive FastOpen TCP socket is...

crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption

...

CVE-2026-31726

A flaw was found in the Linux kernel's USB Video Class UVC gadget driver. A race condition during power management PM transitions can cause a null pointer dereference. This occurs when the system attempts to access a deallocated gadget pointer, leading to a kernel panic. This vulnerability can be...

CVE-2026-31723

A flaw was found in the Linux kernel's usb: gadget: fsubset component. This vulnerability arises from an issue in how network device resources are managed during the unbinding of a USB gadget function. When the parent device is destroyed, the associated network device may persist, creating...

CVE-2026-35233

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range shlink field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...

UBUNTU-CVE-2026-35233

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range shlink field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...