Astra Linux – Vulnerability in Linux, Linux 5.10

A use-after-free exists in the drivers/tee/teeshm.c file within the TEE subsystem of the Linux kernel, as of version 5.15.11. This issue arises due to a race condition during the teeshmgetfromid function, when attempting to free a shared memory object...

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25, and 8.0.x below 8.0.12, when running PHP FPM SAPI with the main FPM daemon process running as the root user and child worker processes running as lower-privileged users, it is possible for the child processes to access memory...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/smc: Fixed an illegal access to rmbdesc during SMC-D connection dumping. A crash was detected when dumping SMC-D connections. This issue can be reproduced by performing the following steps: 1. Run the nginx/wrk test: smcrun...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: fixed a refcount bug in skpsockget2. Syzkaller reported the refcount bug as follows: ------------ cut here ------------ refcountt: saturated; memory was leaking. WARNING: CPU: 1 PID: 3605 at lib/refcount.c:19...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/filemap: Make MAXPAGECACHEORDER acceptable to xarray. Patch series “mm/filemap: Limit page cache size to that supported by xarray”, version 2. Currently, xarray cannot support arbitrary page cache sizes. More details can be...

CVE-2026-31700

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnethdr in tpacketsnd In tpacketsnd, when PACKETVNETHDR is enabled, vnethdr points directly into the mmap'd TX ring buffer shared with userspace. The kernel validates the header via...

📄 V8 BigInt String Conversion Stress Test Conceptual Sandbox

This is a V8 Sandbox Escape vulnerability in BigInt::Allocate where buffers are shuffled outside the sandbox. The vulnerability allows for writes outside the boundaries of the allocated buffer within the sandbox outbound write by manipulating data during the MultiplyFFT process...

CVE-2026-31654

A flaw was found in the Linux kernel. When a shared memory mapping is created for /dev/zero, a memory leak can occur if the virtual memory area VMA allocation fails. This happens because a newly allocated file, intended to back the mapping, is not properly released in the error path, leading to...

CLSA-2026-1776880484 tigervnc: Fix of CVE-2026-34352

CVE-2026-34352: fix incorrect permissions on x0vncserver shared-memory image that allowed other users to observe or manipulate the screen or crash the server...

kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()

A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...

PT-2026-34242

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the kernel's handling of protection keys for address ranges. The subroutine responsible for updating page table entries fails to account for 1GB largepage mappings creat...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013697)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013697 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Check whether transferred 2D BO is shmem Transferred 2D BO always must be a shmem BO...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011199)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011199 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Check whether transferred 2D BO is shmem Transferred 2D BO always must be a shmem BO...

FreeBSD -- Missing large page handling in pmap_pkru_update_range()

Problem Description: In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface...

CVE-2026-21733 RESERVED

Vulnerability in Imagination Technologies Graphics DDK on Linux, Android -- RESERVED...

CVE-2026-21733 RESERVED

Vulnerability in Imagination Technologies Graphics DDK on Linux, Android -- RESERVED...

CVE-2026-21733

CVE-2026-21733 concerns a vulnerability in Imagination Technologies’ GPU driver where software running as a non-privileged user can perform improper GPU system calls due to incorrect handling of GPU memory reservation protections. The root cause is described as improper handling of GPU memory res...

kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()

A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...

VulnCheck KEV: CVE-2025-43510

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpect...

kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()

A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...