12243 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in waitress

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before Waitress has had the opportunity to call getpeername, Waitress will not properly clean up the connection. As a result, the main thread attempts to write to a socket that no long...

7.5 CVSS | 7.1 AI score | 0.01524 EPSS
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 1 views

Astra Linux - vulnerability in linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerabilities have been resolved: rxrpc: Fixed the issue where listen sets the backlog too high for preallocation rings. The listen handler of AF_RXRPC allows you to set the backlog to 32 if you increase sysctl. However, although the preallocation circular...

5.5 CVSS | 6 AI score | 0.00045 EPSS
Exploits 0 | References 1
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack(). mld_newpack() can be called without RTNL or RCU being held. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use...

5.5 CVSS | 6.4 AI score | 0.00126 EPSS
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fixed OOB read/write in network-coding decode. batadv_nc_skb_decode_packet() relies on coded_len and only checks against skb->len. The XOR operation starts at sizeof(struct batadv_unicast_packet), which reduces the payload...

7.1 CVSS | 6.6 AI score | 0.00018 EPSS
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: pfcp: Destroy device along with udp socket's netns dismantle. pfcp_newlink() links the device to a list in dev_net(dev) instead of net, where a udp tunnel socket is created. Even when net is removed, the device stays alive on dev_net(dev)...

5.5 CVSS | 6.3 AI score | 0.00029 EPSS
Exploits 0 | References 2
GithubExploit
added 2026/05/03 12:24 a.m. | 115 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 — Copy Fail Linux kernel local privilege esc...

7.8 CVSS | 6.1 AI score | 0.02235 EPSS
Exploits 226
GithubExploit
added 2026/05/02 4:17 a.m. | 60 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 check Quick, read-only checker for the algif...

7.8 CVSS | 6 AI score | 0.02235 EPSS
Exploits 226
GithubExploit
added 2026/05/02 2:15 a.m. | 57 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Here is a completely rewritten version, with vocabulary...

7.8 CVSS | 6 AI score | 0.02235 EPSS
Exploits 226
OSV
added 2026/05/02 12:56 a.m. | 5 views

CLSA-2026-1777683406 sssd: Fix of 2 CVEs

CVE-2018-10852: create the sudo responder socket with stricter permissions - CVE-2019-3811: do not return "/" as the home directory when the user has no homedir configured...

7.5 CVSS | 7.1 AI score | 0.00525 EPSS
Exploits 0 | References 1
CloudLinux
added 2026/05/02 12:56 a.m. | 4 views

sssd: Fix of 2 CVEs

CVE-2018-10852: create the sudo responder socket with stricter permissions - CVE-2019-3811: do not return "/" as the home directory when the user has no homedir configured...

7.5 CVSS | 6.5 AI score | 0.00525 EPSS
Exploits 0
Tenable Nessus
added 2026/05/02 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2026-43011

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/x25: Fix potential double free of skb. When alloc_skb() fails in x25_queue_rx_frame() it calls kfree_skb(skb) at line 48 and returns 1 (error). This error propagates bac...

9.8 CVSS | 5.8 AI score | 0.00076 EPSS
Exploits 0 | References 2
OSV
added 2026/05/01 8:34 p.m. | 3 views

EEF-CVE-2026-42786 WebSocket fragmented message reassembly unbounded in bandit

Summary: Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handle_frame/3 in lib/bandit/websocket/connection.ex appends ever...

8.7 CVSS | 5.8 AI score | 0.00081 EPSS
Exploits 0 | References 4
RedhatCVE
added 2026/05/01 7:48 p.m. | 1 views

CVE-2026-31700

A flaw was found in the Linux kernel. A Time-of-check to Time-of-use (TOCTOU) race condition exists in the tpacket_snd() function when PACKET_VNET_HDR is enabled. A local user can exploit this by modifying the vnet_hdr fields in the mmap'd TX ring buffer between validation and use, thereby bypassing safe...

7.8 CVSS | 5.9 AI score | 0.00014 EPSS
Exploits 0 | References 4
RedhatCVE
added 2026/05/01 5:48 p.m. | 2 views

CVE-2026-43036

A flaw was found in the Linux kernel's networking subsystem. An attacker injecting specially crafted packets through PF_PACKET paths could trigger an uninitialized value read when processing TCPv4 Generic Segmentation Offload (GSO) packets. This vulnerability, specifically in the gso_features_check...

5.5 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits 0 | References 4
NVD
added 2026/05/01 5:16 p.m. | 1 views

CVE-2026-37526

AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...

7.8 CVSS | 0.00024 EPSS
Exploits 0 | References 2
RedhatCVE
added 2026/05/01 4:24 p.m. | 0 views

CVE-2026-43011

A flaw was found in the Linux kernel's X.25 networking component. This vulnerability, a double free, occurs when a socket buffer (skb) allocation fails in x25_queue_rx_frame(), causing the same skb to be freed twice. This improper memory handling can lead to a system crash, resulting in a Denial of...

9.8 CVSS | 5.9 AI score | 0.00076 EPSS
Exploits 0 | References 4
NVD
added 2026/05/01 3:16 p.m. | 2 views

CVE-2026-43036

In the Linux kernel, the following vulnerability has been resolved: net: use skb_header_pointer() for TCPv4 GSO frag_off check. Syzbot reported a KMSAN uninit-value warning in gso_features_check() called from netif_skb_features() [1]. gso_features_check() reads iph->frag_off to decide whether to clear mangleid_features...

5.5 CVSS | 0.00015 EPSS
Exploits 0 | References 4
NVD
added 2026/05/01 3:16 p.m. | 1 views

CVE-2026-43029

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lockup in mptcp_recvmsg(). syzbot reported a soft lockup in mptcp_recvmsg() [0]. When receiving data with MSG_PEEK | MSG_WAITALL flags, the skb is not removed from the sk_receive_queue. This causes sk_wait_data() to always find...

7.5 CVSS | 0.00049 EPSS
Exploits 0 | References 3
NVD
added 2026/05/01 3:16 p.m. | 1 views

CVE-2026-43023

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in sco_sock_connect(). sco_sock_connect() checks sk_state and sk_type without holding the socket lock. Two concurrent connect() syscalls on the same socket can both pass the check and enter sco_connect(),...

7.8 CVSS | 0.00014 EPSS
Exploits 0 | References 6
NVD
added 2026/05/01 3:16 p.m. | 0 views

CVE-2026-43016

In the Linux kernel, the following vulnerability has been resolved: bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready(). syzbot reported use-after-free of AF_UNIX socket's sk->sk_socket in sk_psock_verdict_data_ready(). [0] In unix_stream_sendmsg(), the peer socket's ->sk_data_ready() is calle...

7.8 CVSS | 0.00015 EPSS
Exploits 0 | References 5