Malicious code in @bcs-adapters/core-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03871adba35cfbd98c46538c5e9d0249287bcc583bbf32fe1561eac467b2c5d8 The package @bcs-adapters/core-adapter was found to contain malicious code. Source: ghsa-malware...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mtkscp: Fixed a potential double-free issue. scp-rproc is allocated using devmrprocalloc, so there is no need to explicitly free it in the remove function...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Networks: qcom/emac – fixed a UAF Use-after-Free issue in emacremove. “adpt” is netdev private data, and it cannot be used after the freenetdev call. Using “adpt” after freenetdev can cause a UAF bug. This issue was fixed by movi...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Drivers: Base: dd: Fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must have the dput function called upon it. Otherwise, a memory leak will occur over time. To simplify things,...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Media: i2c: et8ek8: Do not discard the remove function when the driver is built-in. Using exit for the remove function results in the remove callback being discarded when CONFIGVIDEOET8EK8=y. When such a device is unbound e.g.,...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ACPI: Video – Fix for a use-after-free in acpivideoswitchbrightness The switchbrightnesswork delayed work accesses to device-brightness and device-backlight, which were freed by acpivideodevunregisterbacklight during device...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: media: venus: Fixed a bug related to the use of core-work after it is freed, due to a race condition in the venusremove function. In venusprobe, core-work is bound to venussyserrorhandler, which is used to handle errors. The code...

Astra Linux - уязвимость в linux-5.15, linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: mmc: omaphsmmc: fixed the return value check in mmcaddhost The mmcaddhost function may return an error. If we ignore its return value, it will cause two issues: 1. The memory allocated in mmcallochost may be leaked. 2. In the...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Remove improper idxdfree The call to idxdfree introduces a duplicate putdevice call, resulting in a reference count underflow: refcountt: underflow; use-after-free. WARNING: CPU: 15, PID: 4428, at...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: PM: EM: fixed a memory leak caused by using debugfslookup. When calling debugfslookup, the result must have had dput called on it; otherwise, memory will leak over time. To simplify things, simply call debugfslookupandremove, whi...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerabilities have been resolved: md-raid10: fixed the KASAN warning There is a KASAN warning in raid10removedisk when running the lvm test lvconvert-raid-reshape.sh. We have fixed this warning by verifying that the value “number” is valid. BUG: KASAN:...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driveroverride when rpmsgremove Free driveroverride when rpmsgremove. Otherwise, the following memory leak will occur: Unreferenced object 0xffff0000d55d7080 size 128: Comm "kworker/u8:2", pid 56, jiffies...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: davinci: vpif: fix use-after-free on driver unbind The driver allocates and registers two platform device structures during probe, but the devices were never deregistered on driver unbind. This results in a use-after-free ...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/hpre – fixed a resource leak in the remove process. In hpreremove, when the disable operation of qm sriov fails, the following logic should continue to be executed to release the remaining resources that have be...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix use after free in removephbdynamic In removephbdynamic we use &phb-ioresource, after we've called deviceunregister&hostbridge-dev. But the unregister may have freed phb, because pcibiosfreecontrollerdeferred ...

SUSE CVE-2026-31701

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in createcard The caiaq driver stores a pointer to the parent USB device in cdev-chip.dev but never takes a reference on it. The card's privatefree callback, sndusbcaiaqcardfree, ca...

CVE-2026-31721

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: move list and spinlock inits from bind to alloc There was an issue when you did the following: - setup and bind an hid gadget - open /dev/hidg0 - use the resulting fd in EPOLLCTLADD - unbind the UDC - bind the...

CVE-2026-43004

In the Linux kernel, CVE-2026-43004 affects the stm32-ospi driver. The root cause was a premature exit in the remove() callback when pm_runtime_resume_and_get() failed, causing cleanup of the SPI controller and other resources to be skipped. The fix removes the early return so cleanup always comp...

CVE-2026-43004 spi: stm32-ospi: Fix resource leak in remove() callback

In the Linux kernel, the following vulnerability has been resolved: spi: stm32-ospi: Fix resource leak in remove callback The remove callback returned early if pmruntimeresumeandget failed, skipping the cleanup of spi controller and other resources. Remove the early return so cleanup completes...

CVE-2026-43004

In the Linux kernel, the following vulnerability has been resolved: spi: stm32-ospi: Fix resource leak in remove callback The remove callback returned early if pmruntimeresumeandget failed, skipping the cleanup of spi controller and other resources. Remove the early return so cleanup completes...