CVE-2026-44608 Use after free and crash under special conditions in RPZ code

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers it could result in heap use-after-free and eventual crash. An adversary can...

CVE-2026-44608

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers it could result in heap use-after-free and eventual crash. An adversary can...

CVE-2026-44608 Use after free and crash under special conditions in RPZ code

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers it could result in heap use-after-free and eventual crash. An adversary can...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed the mismatch between the increment and decrement of rcount. rcount is only incremented when there is an oplock break, but the increment and decrement operations are not paired. This can cause rcount to become negativ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in the struct vhosttask. vhosttaskcreate creates a task and keeps a reference to its taskstruct. The task may exit early via a signal, and its taskstruct will be released. A pending vhosttaskwa...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Fixed the use of a mutex in the IRQs-disabled section. The current imc-pmu code triggers a warning when CONFIGDEBUGATOMICSLEEP is enabled and CONFIGPROVELOCKING is also enabled, while a threadimc event is running...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Fuse: Abort on fatal signal during sync init When sync init is used and the server exits for some reason e.g., error, crash, the filesystem creation will hang. The reason is that while all other threads exit, the mounting thread ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: RSI: Fixed a memory leak in rsicoexattach The coexcb object needs to be freed when rsicreatekthread fails in rsicoexattach...

Astra Linux - уязвимость в firefox, thunderbird

Freeing arbitrary nsIInputStream's on a thread other than the one in which they were created could lead to a use-after-free, potentially causing a crash. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload A system crash is observed due to a stack trace warning related to the use after free operation. There are two signals that can cause dpcthread to terminate: the UNLOADING flag and...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Tracing: The “Drain deferred trigger” operation is freed if kthread creation fails. Registration of boot-time triggers may fail before the trigger-data cleanup is completed. If a kthread exists, deferring the “Drain deferred...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: Fixed the issue of starving the scxenable function under fair-class saturation. During scxenable, the READY - ENABLED task switching loop changes the calling thread’s schedclass from fair to ext. Since fair has a higher...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: hisilicon: Added multi-thread support for DMA channels. When a DMA channel is obtained and tried to be used across multiple threads, it can lead to errors and cause the system to hang. The following commands can be...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: In devcom, fix for error flow in mlx5devcomregisterdevice. In the event of a failure in devcom allocation, mlx5 always frees the private memory. However, this private memory might have been allocated by a different...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Fixed a race condition in hidpsessionthread. There is a potential race condition in hidpsessionthread that may lead to a use-after-free. For example, the timer is active while hidpdeltimer is called in...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed to avoid a use-after-free in f2fsstopgcthread. The syzbot reports a f2fs bug as follows: dumpstack lib/dumpstack.c:88 inline dumpstacklvl+0x241/0x360 lib/dumpstack.c:114 printreport+0xe8/0x550 mm/kasan/report.c:491...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: LoongArch: Fixed warnings during S3 suspension The enablegpewakeup function calls acpienableallwakeupgpes, and this function may also call the preemptschedulecommon function. This results in a thread switch, causing the CPU to...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: wwan: t7xx: Fixed the FSM command timeout issue When the driver processes the internal state change command, it uses an asynchronous thread to handle the command operation. If the main thread detects that the task has tim...

Astra Linux - уязвимость в firefox

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox 133 and Thunderbird 133...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fixed the buffer overflow in showrcu TasksTracegpkthread. There is a possibility of buffer overflow in showrcuTasksTracegpkthread if the counters passed to sprintf are very large. The counter values used for this...