
505 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: afs: Fixed page leak There is a loop in afaxtendwriteback that adds extra pages to the write operation. We want to improve the efficiency of this write-back process by making the write operation larger. However, this loop stops i...

CVSS 5.5, AI score 5.9, EPSS 0.00208
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: corrected the order of the prelimref arguments in btrfsprelimref The btrfsprelimref function calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is...

CVSS 5.5, AI score 6.4, EPSS 0.0017
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fixed the issue where GEM handle creation was subject to ref counting. Previously, panfrostgemcreatewithhandle would return a BO, but only with a reference to the handle. User space could theoretically guess this...

CVSS 7.8, AI score 5, EPSS 0.00149
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: reftracker: Implement use-after-free detection. Whenever reftrackerdirinit is called, mark the struct reftrackerdir as “dead”. Test the “dead” status from reftrackeralloc and reftrackerfree. This should detect buggy calls to...

CVSS 7.8, AI score 5.4, EPSS 0.00229
Exploits: 0, References: 2

Cvelist
added 2026/06/17 8:5 p.m., 15 views

CVE-2026-32682 NGINX Gateway Fabric vulnerability

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note:...

CVSS 7.1, EPSS 0.00286
Exploits: 0, References: 1

Cvelist
added 2026/06/16 2:52 p.m., 29 views

CVE-2026-12398 Galaxy_ng: shell injection in legacy role import via unsanitized git ref names

A command injection vulnerability was found in galaxy_ng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

CVSS 7.5, EPSS 0.00889
Exploits: 0, References: 2

Vulnrichment
added 2026/06/16 2:52 p.m., 8 views

CVE-2026-12398 Galaxy_ng: shell injection in legacy role import via unsanitized git ref names

A command injection vulnerability was found in galaxy_ng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

CVSS 7.5, AI score 6.3, EPSS 0.00889
Exploits: 0, References: 2

SUSE CVE
added 2026/06/09 2:21 a.m., 11 views

SUSE CVE-2026-46277

In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free() The contents of a device folio can immediately change after calling ->folio_free(), as the folio may be reallocated by a driver with a different order. Instead of...

CVSS 5.5, AI score 5.3, EPSS 0.0012
Exploits: 0, References: 3

RedhatCVE
added 2026/06/08 8:59 p.m., 10 views

CVE-2026-44422

A flaw was found in FreeRDP. A malicious server can exploit a heap use-after-free or double-free vulnerability in the FreeRDP client's RDPEAR authentication-redirection path. This occurs because the RDPEAR NDR parser incorrectly handles pointer reference IDs, leading to the same heap object being...

CVSS 8.8, AI score 6.3, EPSS 0.00324
Exploits: 1, References: 4

NVD
added 2026/06/08 5:16 p.m., 9 views

CVE-2026-46277

In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free() The contents of a device folio can immediately change after calling ->folio_free(), as the folio may be reallocated by a driver with a different order. Instead of...

CVSS 7.8, EPSS 0.0012
Exploits: 0, References: 2

Cvelist
added 2026/06/08 3:41 p.m., 37 views

CVE-2026-46277 mm/zone_device: do not touch device folio after calling ->folio_free()

In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free() The contents of a device folio can immediately change after calling ->folio_free(), as the folio may be reallocated by a driver with a different order. Instead of...

CVSS 7.8, EPSS 0.0012
Exploits: 0, References: 2

EUVD
added 2026/06/08 3:41 p.m., 8 views

EUVD-2026-35142

In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free() The contents of a device folio can immediately change after calling ->folio_free(), as the folio may be reallocated by a driver with a different order. Instead of...

AI score 5.4, EPSS 0.0012
Exploits: 0, References: 2

Positive Technologies
added 2026/06/08 12:0 a.m., 12 views

PT-2026-47349

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: An issue exists in the mm/zone device component where the system accesses a device folio after the folio free function has been called. Because a folio can be immediately reallocated by ...

CVSS 9.8, AI score 5.2, EPSS 0.00457
Exploits: 0, References: 63

OSV
added 2026/06/05 4:2 p.m., 4 views

OPENSUSE-SU-2026:20914-1 Security update for ffmpeg-4

This update for ffmpeg-4 fixes the following issues: Changes in ffmpeg-4: - CVE-2026-30997: avcodec/av1dec: check that primaryrefframe is within range bsc1262047...

CVSS 7.5, AI score 5.5, EPSS 0.00337
Exploits: 1, References: 2

Cvelist
added 2026/05/29 7:41 p.m., 35 views

CVE-2026-44422 FreeRDP RDPEAR NDR ref-id aliasing causes client-side UAF/double-free and type confusion

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two...

CVSS 7.5, EPSS 0.00324
Exploits: 1, References: 1

ATTACKERKB
added 2026/05/29 7:41 p.m., 9 views

CVE-2026-44422

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two...

CVSS 7.5, AI score 5.8, EPSS 0.00324
Exploits: 1, References: 2, Affected Software: 1

EUVD
added 2026/05/29 7:41 p.m., 11 views

EUVD-2026-33434

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two...

CVSS 7.5, AI score 5.8, EPSS 0.00324
Exploits: 1, References: 1

CVE
added 2026/05/29 7:41 p.m., 32 views

CVE-2026-44422

CVE-2026-44422 affects FreeRDP prior to 3.26.0. The RDPEAR NDR parser incorrectly reused a non-null NDR pointer ref-id across multiple logical pointer fields, causing the same heap object to be assigned to two outputs. The destructor then frees both pointers, enabling a heap use-after-free / doub...

CVSS 8.8, AI score 5.8, EPSS 0.00324
Exploits: 1, References: 1, Affected Software: 1

Tenable Nessus
added 2026/05/29 12:0 a.m., 13 views

Linux Distros Unpatched Vulnerability : CVE-2026-45880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PCI/P2PDMA: Release per-CPU pgmap ref when vminsertpage fails When vminsertpage fails in p2pmemallocmmap, p2pmemallocmmap doesn't invoke percpurefput to free th...

CVSS 5.5, AI score 5.8, EPSS 0.00155
Exploits: 0, References: 3

OSV
added 2026/05/28 10:16 a.m., 6 views

UBUNTU-CVE-2026-46223

In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpuref kill on rmdir until cgroup is depopulated A chain of commits going back to v7.0 reworked rmdir to satisfy the controller invariant that a subsystem's -cssoffline must not run while tasks are still doin...

CVSS 5.5, AI score 5.7, EPSS 0.00083
Exploits: 0, References: 5