Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed a NULL pointer derefrence in f2fssubmitpagewrite BUG: NULL pointer derefrence in the kernel; address: 0000000000000014 RIP: 0010:f2fssubmitpagewrite+0x6cf/0x780 f2fs Call Trace: ? show regs+0x6e/0x80 ? die+0x29/0x70 ?...

Astra Linux - уязвимость в linux-5.15

A NULL pointer dereference flaw was discovered in the Linux kernel’s drivers/gpu/drm/msm/msmgemsubmit.c code, specifically in the submitlookupcmds function. This flaw occurs because there is no check on the return value of kmalloc. This issue allows a local user to crash the system...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nullblk: Fixed a issue where a NULL pointer dereference occurred when configuring ‘power’ and ‘submitqueues’. Writing ‘power’ and ‘submitqueues’ concurrently would trigger a kernel panic. Test script: bash modprobe nullblk...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: removing redundant scheduler job cleanup when CS aborts Once the command submission fails due to an invalid userptr in amdgpucssubmit, legacy code will perform cleanup of scheduler jobs. However, this is completely...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Nilfs2: Fixed a kernel bug caused by failing to clear the buffer delay flag. Syzbot reported that after Nilfs2 reads a corrupted file system image and becomes read-only, the BUGON check for the buffer delay flag in submitbhwbc ma...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed another leak in the submit error path. The putunusedfd function does not free the unused file descriptor if we have already performed the fdinstall operation. Therefore, we also need to free the syncfile. Patch...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: Add GFPNOIO to the bio completion if necessary. The bio completion path in the process context e.g., dm-verity directly calls decompression instead of triggering another workqueue context for minimal scheduling latency. Th...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fixed a fence leak in the submit error path. In error paths, we could unreference the submitted entity without calling drmschedentitypushjob. As a result, msmjobfree will never be called. Since drmschedjobcleanup will NU...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/handshake: The destructor was restored after a submission failure. The handshakereqsubmit function replaces sk-skdestruct, but never restores it when the submission fails before the request is hashed. In this case,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In the blkzonewplugbiowork function, do not use submitbionoacctnocheck. Queues of zone write operations have already gone through all preparations in the submitbio path, including freeze protection. Submitting these operations...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not clean up the repair bio if submission fails. The submission helper will always call bioendio on the bio if submission fails. Therefore, cleaning up the bio only leads to various use-after-free errors and NULL pointe...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A potential use-after-free issue has been addressed in nilfsgccachesubmitreaddata. In nilfsgccachesubmitreaddata, the function brelsebh is called to decrement the reference count of bh when the call to nilfsdattranslate...

MLflow 安全漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of mlflow prior to 3.9.0 contain security vulnerabilities. These vulnerabilities stem fr...

PT-2026-40899

Name of the Vulnerable Software and Affected Versions InfusedWoo Pro versions prior to 5.1.3 Description The InfusedWoo Pro plugin for WordPress allows unauthenticated attackers to perform Arbitrary File Read via the 'popup submit' endpoint. This allows web requests to be made to arbitrary...

CVE-2026-2725

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...

EUVD-2026-28528

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

CVE-2026-8137 Totolink X5000R formDdns sub_458E40 buffer overflow

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

CVE-2026-8137 Totolink X5000R formDdns sub_458E40 buffer overflow

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

CVE-2026-8137

The CVE-2026-8137 entry affects Totolink X5000R (firmware 9.1.0u.6369_B20230113). The vulnerable component is the function sub_458E40 in /boafrm/formDdns, where manipulation of the submit-url argument causes a buffer overflow. Remote exploitation is possible, and the exploit has been disclosed pu...

TOTOLINK X5000R 缓冲区错误漏洞

The TOTOLINK X5000R is a router produced by TOTOLINK, a Chinese electronics company. The version 9.1.0u.6369B20230113 of the Totolink X5000R contains a buffer error vulnerability. This vulnerability stems from improper handling of the submit-url parameter in the function sub458E40 within the...