Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Do not report a verification bug for missing bpfsccvisit calls on speculative execution paths. Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint The arrayindexnospec function is useless if the result is spilled to the stack, as it makes the supposedly safe-under-speculation value subject to memory predictions. For all...

Astra Linux – Vulnerability in Xen

Potential speculative code storage bypasses exist in all supported CPU products. Combined with software vulnerabilities related to speculative execution of overwritten instructions, this could lead to incorrect speculation and potentially cause data leakage...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: using arrayindexnospec with indices that come from the guest min and destid are guest-controlled indices. Using arrayindexnospec after the bounds checks helps to mitigate speculative execution side-channels by clamping...

Astra Linux – Vulnerability in Linux, Linux 5.15

When SMT is enabled, certain AMD processors may speculateively execute instructions using a target from the sibling thread after a SMT mode switch, which may potentially lead to information disclosure...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, the patch 2039f26f3aca “bpf: Fixed leakage due to insufficient speculative store bypass mitigation” includes instructions...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/srso: Added SRSO mitigation for Hygon processors. Added mitigation for the speculative return stack overflow vulnerability, which also exists on Hygon processors...

SUSE SLES16 Security Update : kernel (SUSE-SU-2026:21845-1)

The remote SUSE Linux SLES16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21845-1 advisory. The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-2058:...

CVE-2026-44223

vLLM is an inference and serving engine for large language models LLMs. From to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash ...

CVE-2026-46063

In the Linux kernel, the following vulnerability has been resolved: x86/shstk: Prevent deadlock during shstk sigreturn During sigreturn the shadow stack signal frame is popped. The kernel does this by reading the shadow stack using normal read accesses. When it can't assume the memory is shadow...

EUVD-2026-32445

In the Linux kernel, the following vulnerability has been resolved: x86/shstk: Prevent deadlock during shstk sigreturn During sigreturn the shadow stack signal frame is popped. The kernel does this by reading the shadow stack using normal read accesses. When it can't assume the memory is shadow...

CVE-2026-46063

The CVE-2026-46063 issue affects the Linux kernel with x86 shadow stack (shstk) handling of sigreturn. Root cause: during a shadow-stack sigframe read, the kernel previously held the mmap lock while verifying VMA flags to distinguish shadow stack memory. A page fault during this read could trigge...

CVE-2026-46063 x86/shstk: Prevent deadlock during shstk sigreturn

In the Linux kernel, the following vulnerability has been resolved: x86/shstk: Prevent deadlock during shstk sigreturn During sigreturn the shadow stack signal frame is popped. The kernel does this by reading the shadow stack using normal read accesses. When it can't assume the memory is shadow...

Astra Linux - уязвимость в linux-5.10

There is a vulnerability in the Linux Kernel within the KVM framework: nVMX, which allows for speculative execution attacks. L2 can execute Spectre v2 attacks on L1, as L1 believes it does not need retpolines or IBPB after executing L2, due to KVM L0 indicating support for eIBRS to L1. An attacke...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: arm64: Errata: Add a workaround for speculative unprivileged loads on Cortex-A520. Implement the workaround according to erratum 2966298 for ARM Cortex-A520. On an affected Cortex-A520 core, a speculative unprivileged load may le...

Astra Linux - уязвимость в linux-5.10, linux

Intel’s microprocessor generations 6 to 8 are affected by a new Spectre variant that can bypass the retpoline mitigation mechanism in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to execute arbitrary speculative code under certain...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: gpio: Preventing potential speculation leaks in gpiodevicegetdesc The userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do this by calling gpioioctl with an offset that is out of...

Astra Linux - уязвимость в linux-5.10, linux

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...

Astra Linux - уязвимость в linux-5.10, linux

A flaw in the boot CPU could be exploited by attacks targeting speculative execution behavior. This flaw is related to the power management options in the Linux kernel’s X86 CPU. It was discovered in the way users resume the CPU from suspend-to-RAM. A local user could utilize this flaw to...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021538)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021538 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre...