Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: The commit pointer of the HVS FIFO is cleared once the operation is completed. Commit 9ec03d7f1ed3 “drm/vc4: kms: Wait for previous FIFO users before committing” introduced a wait for the previous commit that was...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Added a check for cstate. Since kzalloc may fail and return a NULL pointer, it would be better to check the cstate to avoid dereferencing the NULL pointer in drmatomichelpercrtcreset. Patchwork:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Do not leak some plane state. Apparently, no one noticed that the mdp5 plane states are being leaked quite severely. This issue was addressed since we introduced the planestate-commit refcount mechanism a few years...

Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src

A issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. When an SVG file containing an image is rendered, a QTextLayout buffer overflow can occur...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid dividing by zero by initializing the dummy pitch to 1. Why If the dummy values in populatedummydmlsurfacecfg are not updated, they may lead to a division by zero in downstream calls such as...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fixed the issue where kvzalloc was used instead of statekcalloc. The adrenoshowobject function is problematic. It reallocates the pointer it passes on during the first call, when the data is encoded as ascii85. This...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/nouveau/debugfs: fixed the memory leak when releasing files. When using singleopen to open a file, singlerelease should be called. Otherwise, the memory allocated with singleopen may be leaked...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Do not leak a resource during the swapout movement operation. If moving the buffer to the system for swapout fails, we were leaking a resource. This issue has been fixed...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Another leak in the submit error path has been fixed. putunusedfd does not free the allocated file if we have already performed fdinstall. Therefore, we also need to free the syncfile. Patchwork:...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Invalid parameter check in msmdsiPhyEnable The function performs a check on the “phy” input parameter, however, it is used before the check. The “dev” variable is initialized after the sanity check to avoid a possibl...

Astra Linux – Vulnerability in xwayland, xorg-server

A flaw was discovered in the handling of animated cursors by the X Rendering extension. If a client does not provide any cursors, the server assumes that at least one is present. This can lead to an out-of-bounds read and potential crash...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/dsi: fixed memory corruption caused by too many bridges. Added a missing sanity check on the bridge counter to prevent corruption of data beyond the fixed-sized bridge array, in case there are ever more than eight...

CVE-2026-12048

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

CVE-2026-33244

A flaw was found in react-router. When using Framework Mode with pre-rendering enabled, an attacker can exploit improper handling of the HTTP Location header value. This can lead to Cross-Site Scripting XSS, allowing malicious scripts to be injected into statically generated HTML files if the...

[Eclipse Theia] Indirect Prompt Injection via Adversarial Workspace File and Directory Names in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

CVE-2026-44688

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

PT-2026-50814

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.0 through 9.15 Description Stored cross-site scripting exists in the error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server, such as ErrorResponse messages, object names in...

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

Cross-site Scripting (XSS)

Astro is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of user-controlled attribute names in the spreadAttributes function during server-side rendering, which allows an attacker to inject arbitrary HTML attributes, event handlers, or malicious HTML content...

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...