CVE-2026-7737

CVE-2026-7737 affects osrg GoBGP up to 4.3.0. The vulnerability lies in the BMP parser, specifically BMPPeerUpNotification.ParseBody and BMPStatisticsReport.ParseBody in pkg/packet/bmp/bmp.go, where input manipulation leads to an out-of-bounds read. The issue is exploitable remotely. A fix is pub...

EUVD-2026-26884

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function childprocess.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

CVE-2026-7730

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function childprocess.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

OSV-2026-678 UNKNOWN WRITE in ___interceptor_strncpy

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=508899220 Crash type: UNKNOWN WRITE Crash state: interceptorstrncpy concathashstring ndpisearchsshtcp...

PT-2026-36781

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create document/open document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. Th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoided memory leak in applereportfixup The applereportfixup function was returning a buffer allocated by kmemdup, but never freeing that buffer. The caller of reportfixup does not take ownership of the returned...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

The roccatreportevent in the drivers/hid/hid-roccat.c file in the Linux kernel, as of version 5.19.12, contains a race condition, which can lead to a use-after-free situation under certain conditions when a report is received while the report-value copy operation is in progress...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: arm64/ptrace: Fixed a stack-out-of-bounds read in regsgetkernelstacknth. KASAN reported a stack-out-of-bounds read in regsgetkernelstacknth. Call trace: 97.283505 BUG: KASAN: stack-out-of-bounds in...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Do not report a BUG when INLINEDATAFL lacks the system.data xattr attribute. A syzbot fuzzed image triggered a BUG in ext4updateinlinedata, when an inode had the INLINEDATAFL flag set but lacked the system.data extended...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix wakerbfqq UAF after bfqsplitbfqq Our syzkaller reports a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfqinitrq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr ffff8881b57147d8 by task...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: lpass: Fix for KASAN use-after-free out of bounds. When we run syzkaller, we encounter an Out of Bounds error. The specific error message is: “KASAN: slab-out-of-bounds Read in regcacheflatread”. The issue can be traced as...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtlwifi – significantly reduced the attempts to read efuse in case of failures. Syzkaller reported a hung task with ueventshow on the stack trace. That specific issue was addressed by another commit 0. However, even with...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netdevsim: Avoid potential loops in nsimdevtrapreportwork. Many syzbot reports include the following trace 1. If nsimdevtrapreportwork cannot acquire the mutex, it should rearm itself at least one jiffie later. 1 Sending NMI...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a problem where a timer was used after freeing memory when a mount operation failed. Syzbot has identified an ODEBUG bug in ext4fillsuper. The deltimersync function cancels the serrreport timer, which reminds of...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm – Do not read beyond the mfuart notification. In the event that the firmware sends a notification claiming to have more data than it actually does, we will read beyond the allocated space for the notification...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: kcsan: Turning reportfilterlistlock into a rawspinlock Ran Xiaokai reported that with a KCSAN-enabled PREEMPTRT kernel, we can observe such issues as follows: | BUG: Sleeping function called from invalid context at...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: Do not queue data on closed subflows. Dipanjan reported a critical bug fix at the right time: WARNING: CPU: 1 PID: 10818 at net/ipv4/afinet.c:153 inetsockdestruct+0x6d0/0x8e0 net/ipv4/afinet.c:153 Linked modules:...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ubifs: Authentication: Fixed a use-after-free in ubifstncendcommit. After an insertion in TNC, the tree may split, causing a node to change its znode-parent. Further deletions of other nodes in the tree which could also free thos...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ubi: Fixed a use-after-free issue when volume resizing failed. There is a use-after-free problem reported by KASAN: ========================================= BUG: KASAN: Use-after-free in ubiebacopytable+0x11f/0x1c0 ubi A read of...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net/9p: Fixed an issue related to uninit-value in p9clientrpc. Syzbot, with the help of KMSAN, reported the following errors: BUG: KMSAN: uninit-value in trace9pclientres, include/trace/events/9p.h:146 inline BUG: KMSAN:...