MAL-2026-3332 Malicious code in rogiant (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c7f7e1dc50782abed477c5013c8a732e952d747ffa770f399571ff468699b8f3 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in rogiant (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c7f7e1dc50782abed477c5013c8a732e952d747ffa770f399571ff468699b8f3 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: brcmfmac: pcie: Firmware is released in the brmfipciesetup error path. This prevents memory leaks if the brmfichipgetraminfo function fails. Note that the CLM blob is released in the device removal path...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix memory leak in gpiochipsetupdev Here is a backtrace report about memory leak detected in gpiochipsetupdev: unreferenced object 0xffff88810b406400 size 512: comm "python3", pid 1682, jiffies 4295346908 age 24.090s...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed a possible crash that occurred when setting up bsg failed. If bsgsetupqueue fails, the bsgqueue is assigned a non-NULL value. Consequently, in mpi3mrbsgexit, the condition “if!mrioc-bsgqueue” will not be...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: cxl/region: Do not attempt cleanup after a failure in cxlRegionAttach. Commit 5e42bcbc3fef “cxl/region: Decrement -nrtargets in case of errors in cxlRegionAttach” attempted to prevent initialization errors when -nrtargets...

Astra Linux – Vulnerability in liblivemedia

Live555 version 1.08 does not handle Matroska and Ogg files properly. Sending two consecutive RTSP SETUP commands for the same track causes a Use-After-Free error and results in a crash of the daemon...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: When a non-Ethernet device is used as a slave in a bonding configuration, the IFFSLAVE flag of the bonding device must be restored if the slave device fails. A warning was reported by syzbot1. In this case, the bonding device...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: A memory leak occurs when the build ntlmssp negotiate blob operation fails. There is a memory leak when mounting CIFS shares: - Unreferenced object: 0xffff888166059600 size 448 Command: “mount.cifs”, PID: 51391, Jiffies:...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link Why A NULL pointer dereference occurred during MST and DSC setup. BUG: NULL pointer dereference in the kernel, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 1...

Astra Linux - уязвимость в linux

In the Linux kernel, from drivers/block/nbd.c up to version 5.10.12, there is a use-after-free in the nbdaddsocket function. This issue could be triggered by local attackers who have access to the nbd device. The attack occurs during I/O requests at a certain point in device setup, specifically...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: PCI: Keystone: Fixed a NULL pointer dereferencing issue in case of a DT error in kspciesetuprcapp regs. If IORESOURCEMEM is not provided in the Device Tree due to any error, resourcelistfirsttype will return NULL, and...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: fixed a possible memory leak in smb2lock. argv needs to be freed when setupasyncwork fails, or when the current process is awakened...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-scheme: Cleanup of subdirectories under the scheme dir setup failed. When the setup of the DAMOS-scheme DAMON sysfs directory fails after setting up the accesspattern/ directory, the subdirectories of the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: In libceph, the error from monhandleauthdone should be returned. Currently, any error from cephauthhandlereplydone is propagated via finishauth, but it is not returned from monhandleauthdone. This results in higher layers...

Astra Linux – Vulnerability in liblivemedia

In liveMedia/FramedSource.cpp within Live555, up to version 1.08, an assertion failure can occur, leading to an application exit through multiple SETUP and PLAY commands...

Malicious code in rostilesolver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eef0922e5bb8ba3371baad4b76542215ff15e445a9d6ed6fb5546230fe5da4df During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

PT-2026-45127

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC version 1.23 Description A stack-based buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the formPPPoESetup function located in the /goform/formPPPoESetup file, where...

MAL-2026-3237 Malicious code in protocol-stub-generator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8ad6f31dc6bdf35ca55cf2a55e9124e07131de068c8ff945e62716637b6e06d1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in protocol-stub-generator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8ad6f31dc6bdf35ca55cf2a55e9124e07131de068c8ff945e62716637b6e06d1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...