CVE-2026-40290 OP-TEE has a Use-After-Free race in FF-A shared-memory teardown

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...

CVE-2026-40290

OP-TEE (Trusted Execution Environment) on Arm Cortex-A with TrustZone suffers a Use-After-Free race in FF-A shared-memory teardown when OP-TEE is configured as an SPMC for S-EL0 SPs (CFG_SECURE_PARTITION=y). The bug lies in sp_mem_remove() not acquiring the global sp_mem_lock before freeing entri...

USN-8369-1 libapache-mod-jk vulnerability

It was discovered that Apache Tomcat Connectors used incorrect default permissions for shared memory on Unix-like systems. A local attacker could possibly use this issue to view or modify modjk configuration data in shared memory, resulting in sensitive information exposure or a denial of service...

USN-8369-1: Apache Tomcat Connectors vulnerability

It was discovered that Apache Tomcat Connectors used incorrect default permissions for shared memory on Unix-like systems. A local attacker could possibly use this issue to view or modify modjk configuration data in shared memory, resulting in sensitive information exposure or a denial of service...

PeAR: A Static Binary Rewriting Framework for Binary-Only Fuzzing

Binary-only fuzzing is a key technique for finding bugs in close-source software. Without access to source code, the fuzzer must rely on static or dynamic binary instrumentation for coverage guidance. In practice, most fuzzers favor dynamic binary instrumentation DBI, accepting runtime overhead t...

CVE-2026-46197

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. cherry picked from commit...

CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

Node.js: Memory Corruption via TOCTOU Race in SharedArrayBuffer UTF-8 Decode (`StringBytes::Encode`)

I discovered a memory corruption vulnerability in Node.js's native UTF-8 string decoding path src/stringbytes.cc. When Buffer.prototype.toString'utf8' is called on a Buffer backed by a SharedArrayBuffer, the underlying native code performs a validate-then-convert sequence without copying the data...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/shmem, swap: Fixed a race condition between the truncate operation and the swap entry splitting operation. The helper function for shmem swap does not handle the order of swap entries correctly. It uses xacmpxchgirq to eras...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: tee: added a overflow check in registershmhelper When special lengths are provided by the user space, registershmhelper may cause an integer overflow when calculating the number of pages covered by a given user space memory regio...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/shmem, swap: fixed the soft lockup issue with mTHP swapin. The following soft lockup can be easily reproduced on my test machine using the following command: echo always...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: fixed a refcount bug in skpsockget 2 Syzkaller reported the refcount bug as follows: ------------ cut here ------------ refcountt: saturated; memory was leaking. WARNING: CPU: 1 PID: 3605 at lib/refcount.c:19...

Astra Linux - уязвимость в wayland

An internal reference count is maintained on the buffer pool; this count increments every time a new buffer is created from the pool. The reference count is stored as an integer. On LP64 systems, this can lead to an overflow if the client creates a large number of wlshm buffer objects, or if it...

Astra Linux - уязвимость в linux, linux-5.10

A flaw was discovered in the Linux kernel. Measuring the usage of shared memory does not scale well with large counts of shared memory segments, which could lead to resource exhaustion and Denial-of-Service attacks...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/smc: fixed the issue where NULL sndbufdesc was used in smccdctxhandler. When performing a stress test on SMC-R using the rmmod mlx5ib driver during the wrk/nginx test, we found that there is a possibility of triggering a pani...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/tests: shmem: Holding the reservation lock around vmap/vunmap operations Acquiring and releasing the reservation lock of the GEM object during vmap and vunmap operations. The tests used vmaplocked, which caused errors such...

Astra Linux - уязвимость в linux, linux-5.10

A memory leak flaw in the Linux kernel’s hugetlbfs memory usage was discovered in the way that the system maps some regions of memory twice using shmget. These mappings are aligned according to PUD alignment, resulting in some memory pages being misaligned. A local user could exploit this flaw to...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: Invoking MMU notifiers in shmem/file collapse paths. Any code path that updates page table entries must invoke MMU notifiers to ensure that secondary MMUs such as those related to KVM do not continue to access page...

CLSA-2026-1779204030 mod_jk: Fix of CVE-2024-46544

CVE-2024-46544: fix insecure file permissions on shared memory and lock files...

CVE-2025-66660

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCHECKTACOMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior...