Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: codecs: wcd938x: fixed missing mbhc initialization error handling The initialization of MBHC may fail, so additional error handling is needed to avoid dereferencing an error pointer during later configuration of the jack...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: st: Fixed a memory leak in stofquadfssetup. If stclkregisterquadfspll fails, @lock should be freed before going to @errexit; otherwise, a memory leak will occur. Fix this issue...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipc: A memory leak has been fixed in initmqueuefs. When setupmqsysctls failed in initmqueuefs, the mqueue inode cachep is not released. To address this issue, the release path has been reordered...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: mtkethsoc: Reset the progptr to oldprog in case of an error in mtkxdpsetup. Reset the eBPF program pointer to oldprog, and do not decrease its reference count if the mtkopen routine in mtkxdpsetup fails...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm:swap: A potential buffer overflow was fixed in setupclusters. In setupswapmap, we ensure that badpages are within the range 0, lastpage. Since maxpages might be less than lastpage, setupclusters may encounter a buffer overflow...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: UVC: Prevent buffer overflow in setup handler The uvcfunctionsetup function allows control transfers with a payload of up to 64 bytes UVCMAXREQUESTSIZE. The data stage handler for OUT transfers uses memcpy to copy th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: octeonep: fixed a potential memory leak in octepdevicesetup. When errors such as unsupporteddev and mbox init occur, the variables oct-conf and iounmap oct-mmioi.hwaddr were not freed properly. This could lead to a memory leak...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices The probe function is only used for the DP83822 PHY; the private data pointer remains uninitialized for the smaller DP83825/26 models. While all uses of the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context at...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Improved page fault error reporting If the IOMMU domain for the device group is not properly set up, we may encounter an IOMMU page fault. The current page fault handler assumes that the domain is always set up...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rkgmacsetup KASAN reports an out-of-bounds read in rkgmacsetup at the following line: while ops-regsi This occurs on most platforms, since the regs field in the flexible array is empty. As a...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: mm/mempolicy: fixed an issue where uninit-value was present in mpolrebindpolicy. mpolsetnodemask mm/mempolicy.c does not set the nodemask when pol-mode is MPOLLOCAL. Check pol-mode before accessing pol-w.cpusetmemsallowed in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed wild-memory-access in registersynthevent. In registersynthevent, if setsyntheventprintfmt fails, then both traceremoveeventcall and unregisterTraceEvent will be called. This means that traceeventcall will call...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: gpiolib: A memory leak was fixed in gpiochipsetupdev. Here is a backtrace report regarding the memory leak detected in gpiochipsetupdev: Unreferenced object: 0xffff88810b406400 size 512 - Source: comm "python3", pid 1682, jiffies...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the use-of-free issue in session logout. The sess-user object may currently be used by another thread. For example, if another connection sends a session setup request to make the session available for use. The handl...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Bonding: Restore the IFFSLAVE flag of the bond if a non-Ethernet device is used as a slave during a bonding process fails. A warning was reported by syzbot1. In this case, the bonding device itself is a slave, and we attempt to u...

Untrusted Search Path

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via the CLOUDSDKPYTHON environment variable in the .env file during the Gmail setup process. An attacker can cause unintended Python runtime execution by manipulatin...

BIT-PYTHON-MIN-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

CVE-2026-9860 Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23231)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix use-after-free in nftablesaddchain nftablesaddchain publishes the chain to table-chains via listaddtailrcu in nftchainadd before registering hooks. If nftablesregisterhook then fails, the error path calls...