EUVD-2026-39844

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry past the valid range of qrregions. The other loops in the same functio...

CVE-2026-53309

In CVE-2026-53309, the Linux kernel OCFS2 DLM region comparison had an off-by-one in dlm_match_regions(), where the local-vs-remote loop used <= instead of <, causing reading beyond the valid range of qr_regions. The fix changes the loop condition to < for consistency and correctness. Th...

CVE-2026-53172

A flaw was found in the Linux kernel's accel/ethosu component. An incorrect mask used when processing the NPUSETIFMREGION command allows a local userspace caller to provide an out-of-bounds region index. This can lead to an out-of-bounds write, corrupting adjacent kernel heap data...

EUVD-2026-39263

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix IFM region index out-of-bounds in command stream parser NPUSETIFMREGION extracts the region index with param & 0x7f, giving a maximum value of 127. However regionsize and outputregion in struct...

CVE-2026-53172

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix IFM region index out-of-bounds in command stream parser NPUSETIFMREGION extracts the region index with param & 0x7f, giving a maximum value of 127. However regionsize and outputregion in struct...

CVE-2026-53172

The CVE-2026-53172 issue affects the Linux kernel’s accel/ethosu path where NPU_SET_IFM_REGION incorrectly used param & 0x7f, allowing an index up to 127 for region_size[]/output_region[] (sized to 8). This caused out-of-bounds writes (up to 1016 bytes) past region_size[] and potential kernel hea...

EUVD-2026-39262

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dmalength dmalength derives DMA region usage from command stream values and updates regionsize: len = len + stride0 size0 + stride1 size1 regionsizeregion = max..., len + dma-offset Several...

EUVD-2026-39255

In the Linux kernel, the following vulnerability has been resolved: iommu/dma: Do not try to iommumap a 0 length region in swiotlb iommudmaiovalinkswiotlb processes a mapping that is unaligned in three parts, the head, middle and trailer. If the middle is empty because there are no aligned pages ...

CVE-2026-53164

In the Linux kernel, the following vulnerability has been resolved: iommu/dma: Do not try to iommumap a 0 length region in swiotlb iommudmaiovalinkswiotlb processes a mapping that is unaligned in three parts, the head, middle and trailer. If the middle is empty because there are no aligned pages ...

CVE-2026-53164

The CVE-2026-53164 issue in the Linux kernel affects the iommu/dma path, specifically swiotlb handling of mappings in iommu_dma_iova_link_swiotlb(). When a mapping is unaligned, the middle segment may be empty and a 0-size call to iommu_map() occurs, which the iommupt implementation treats as ill...

EUVD-2026-38927

In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to regioncount overflow The local variable regioncount in createlogcontext is declared as unsigned int 32-bit, but dmsectordivup returns sectort 64-bit. When a device-mapper target has a...

CVE-2026-52908

A flaw was found in the Linux kernel. This vulnerability occurs during the re-registration of a Remote Direct Memory Access RDMA memory region. If the memory's access permissions are changed from read-only to read-write, the system may fail to properly update and secure the underlying user memory...

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidenc...

Linux Distros Unpatched Vulnerability : CVE-2026-52908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA: During reregmr ensure that REREGACCESS is compatible If IBMRREREGACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properl...

EUVD-2026-38037

In the Linux kernel, the following vulnerability has been resolved: RDMA: During reregmr ensure that REREGACCESS is compatible If IBMRREREGACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properly pinned as RW. Since the umem is hidden inside each driver's mr stru...

CVE-2026-52908

The CVE-2026-52908 entry concerns the Linux kernel RDMA path and a compatibility issue during rereg_mr. The root cause is that if IB_MR_REREG_ACCESS changes from RO to RW, the umem must be re-evaluated to ensure proper RW pinning. The fix adds a per-driver hook ib_umem_check_rereg() (to be called...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mshv: Fixed the check for overlap in memory regions. The current check was incorrect; it only checks whether the beginning or end of a region is within an existing region. This does not take into account cases where the user spac...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed the cxlregion leak, and cleaned up targets when a region is deleted. When a region is deleted, any targets that were previously assigned to that region still hold references to it. To trigger the release of thos...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-ep: Fixed incorrect variable used when calling devmrequestmemregion The rcarpcieparseoutboundranges function uses the devmrequestmemregion macro to request a required resource. A string variable located on the stack is...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cgroup/dmem: Fixed a NULL pointer derefrence issue when setting the max value. The following issue was triggered: BUG: NULL pointer derefrence in the kernel; Address: 0000000000000000 PF: Supervisor read access in kernel mode...