EUVD-2026-38837

In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmsmac – added a gain range check to wlcPhyiqcalgainparamsnphy. In wlcPhyiqcalgainparamsnphy, add a gain range check to WARN, instead of potentially unsafe access to the tbliqcalgainparamsnphy array. This fix has been...

CVE-2026-46303

In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rockcontinue reads rs-contextent verbatim from the Rock Ridge CE record and passes it to sbbread without checking that the block number is within the mounted I...

PT-2026-46902

Name of the Vulnerable Software and Affected Versions Graphite versions prior to 1.3.15 Description An integer underflow occurs via Graphite actions because the slotat function fails to ensure that an offset remains within the allowed slot-map range, leading to an out-of-bounds write...

EUVD-2026-32883

In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In ext4, the “set goal start” operation is performed correctly in ext4mbnormalizerequest. We need to set acgex to notify the goal start used in ext4mbfindbygoal. Set acgex instead of acfex in ext4mbnormalizerequest. Additionally,...

CVE-2026-43110

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmffwehhandleifevent validates the firmware-provided interface index before it touches drvr-iflist, but it still uses the raw bsscfgidx field as an array index without a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: BPF: Do not use tnumrange for array range checking when dealing with poke descriptors. Hsin-Wei reported a KASAN issue triggered by their BPF runtime fuzzer, which is based on a customized syzkaller: - BUG: KASAN: Out-of-bound...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The lock-range check for files with equal size is skipped, to avoid underflow when size == 0. When size equals the current isize including 0, the code that calls checklockrangefilp, isize, size - 1, WRITE will compute size...

EUVD-2026-26629

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix regsafe for pointers to packet In case rold-reg-range == BEYONDPKTEND && rcur-reg-range == N regsafe may return true which may lead to current state with valid packet range not being explored. Fix the bug...

GHSA-W5HQ-G745-H8PQ uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Summary The v3, v5, and v6 API methods not uuid release versions accept external output buffers but do not reject out-of-range writes small buf or large offset. By contrast, v4, v1, and v7 API methods explicitly throw RangeError on invalid bounds. This inconsistency allows silent partial writes...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013188)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013188 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4mbnormalizerequest We need to set acgex to notify the goal...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013194)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013194 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN...

EUVD-2026-21609

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...

CVE-2026-40198

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...

CVE-2026-5466

wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...

UBUNTU-CVE-2026-5466

wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...

CVE-2026-5466 wc_VerifyEccsiHash missing sanity check

wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...

PT-2026-31862

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description The ECCSI signature verifier wc VerifyEccsiHash in wolfSSL decodes the r and s scalars from the signature blob using mp read unsigned bin without verifying that these values fall within the...

PT-2026-32048

Name of the Vulnerable Software and Affected Versions Net::CIDR::Lite versions prior to 0.23 Description The Net::CIDR::Lite Perl module before version 0.23 does not properly validate the IPv6 group count, potentially allowing a bypass of IP Access Control Lists ACLs. Recommendations Update to...