kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

Malicious code in @scp3500/openvl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fee1ab6796d8af462e9f00e82a28545b72eae4d9d9f0ab0f36ca4b09cd29487c scripts/mcpserver.js loads childprocess, fs, and http, reads from process.env, and issues HTTP POST requests to a hardcoded external destination at...

MAL-2026-4574 Malicious code in gm-kilo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spoo...

MAL-2026-4601 Malicious code in local-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

Astra Linux - уязвимость в webkit2gtk

The issue was addressed through improved checks. This issue is fixed in Safari 18.5, iOS 18.5, iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, and watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash...

Astra Linux - уязвимость в webkit2gtk

This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3. Processing maliciously crafted web content may lead to an unexpected process crash...

Astra Linux - уязвимость в webkit2gtk

The issue was addressed through improved checks. This issue is fixed in Safari 17.6, iOS 17.6, iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, and watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: hns3: A deadlock issue was fixed when configuring TCP during the reset process. When configuring TCP during the reset process, a deadlock may occur. The sequence is as follows: 1. pf reset start 2. …… setup tc 3. ……...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed a memory leak in the createprocess failure. Fixed a memory leak caused by a leaked mmget reference in a error handling code path, which is triggered when attempting to create KFD processes while a GPU reset i...

Astra Linux - уязвимость в firefox, thunderbird

A compromised web process was able to trigger unauthorized reads and writes in a more privileged process by using manipulated WebGL textures. This vulnerability has been fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: libceph: Potential out-of-bounds reads in processmessageheader have been prevented. If the message frame is maliciously corrupted in such a way that the length of the control segment becomes shorter than the size of the message...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fixed a memory leak in airohaqdmarxprocess. If an error occurs in the subsequent buffers belonging to the non-linear part of the skb e.g., due to an error in the payload length reported by the NIC, or if all availabl...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Ring Buffer: Do not swap the cpubuffer during the resize process When the ringbufferswapcpu function is called during the resize process, the cpubuffer is swapped in the middle, resulting in an incorrect state. Continuing to run ...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: riscv/mm: Added handling for VMFAULTSIGSEGV in mmfaulterror. Handle VMFAULTSIGSEGV in the page fault path so that we can correctly kill the process without causing bugs in the kernel...

Astra Linux - уязвимость в chromium

A stack buffer overflow in the GPU process in Google Chrome on Linux prior to version 88.0.4324.182 allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page...

Astra Linux - уязвимость в webkit2gtk

The issue was addressed through improved checks. This issue is fixed in Safari 18.2, iOS 18.2, iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, and watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: xfs: added bounds checking to xlogrecoverprocessdata There is a lack of verification of the space occupied by fixed members of xlogopheader in xlogrecoverprocessdata. We can create a crafted image to trigger an out-of-bounds read...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A use-after-free bug in nilfsroot has been fixed in nilfsevictinode. During the unmount process of nilfs2, nothing holds the nilfsroot structure after nilfs2 detaches its writer in nilfsdetachlogwriter. However, since...