Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: nfs: Fixed the KMSAN warning in decodegetfattr attrs. Fixed the following KMSAN warnings: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: B=BADPAGE Hardware name: QEMU Standard PC Q35 + ICH9, 2009...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed a mid leak that occurred during reconnection after a timeout threshold. When the number of responses with the status STATUSIOTIMEOUT exceeds a specified threshold NUMSTATUSIOTIMEOUT, we reconnect the connection...

Astra Linux – Vulnerability in Gdal

In GDAL version 3.0.1 and later, there is a double-free in the poolDestroy function within OGRExpatRealloc in the ogr/ogrexpat.cpp file, which occurs when the 10MB threshold is exceeded...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed a data race around the sysctltcpprobethreshold function. When reading sysctltcpprobethreshold, it can be changed concurrently. Therefore, we need to add READONCE to its reader...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/packet: fixed a slab-out-of-bounds access in packetrecvmsg syzbot found that when an AFPACKET socket uses PACKETCOPYTHRESH and mmap operations, tpacketrcv queues skbs with garbage in skb-cb, causing an excessive copy 1...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: smb/client: Avoid referencing rdata=NULL in smb2newreadreq. This occurs when calling from SMB2read while using rdma, and when reaching the rdmareadwritethreshold...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fixed a memory leak when thresholdcreatebank fails. In mcethresholdcreatedevice, if thresholdcreatebank fails, the previously allocated thresholdbanks array @bp will be leaked, because the call to...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: dm thin: Fixed a use-after-free crash in dmsmregisterthresholdcallback. Reports of faults injecting into the pool metadata device: - BUG: KASAN: Use-after-free in dmpoolregistermetadatathreshold+0x40/0x80. - Reading of size 8 ...

CVE-2026-31476 affecting package kernel for versions less than 6.6.134.1-2

CVE-2026-31476 affecting package kernel for versions less than 6.6.134.1-2. An upgraded version of the package is available that resolves this issue...

CVE-2026-31407 affecting package kernel for versions less than 6.6.137.1-1

CVE-2026-31407 affecting package kernel for versions less than 6.6.137.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-6966 Signature Threshold Bypass in awslabs/tough Delegated Roles

Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role...

CVE-2026-6966 Signature Threshold Bypass in awslabs/tough Delegated Roles

Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role...

CVE-2026-6966

The CVE-2026-6966 issue affects awslabs/tough prior to tough-v0.22.0, where improper verification of cryptographic signature uniqueness in delegated role validation can allow remote authenticated users to bypass the TUF signature threshold by duplicating a valid signature, causing the client to a...

CVE-2026-31516

In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policyhthresh.work from racing with netns teardown A XFRMMSGNEWSPDINFO request can queue the per-net work item policyhthresh.work onto the system workqueue. The queued callback, xfrmhashrebuild, retrieves the...

CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown

In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policyhthresh.work from racing with netns teardown A XFRMMSGNEWSPDINFO request can queue the per-net work item policyhthresh.work onto the system workqueue. The queued callback, xfrmhashrebuild, retrieves the...

CVE-2026-31516

The CVE-2026-31516 relates to the Linux kernel XFRM subsystem. A race occurs during net namespace teardown when a work item (policy_hthresh.work) queued by XFRM_MSG_NEWSPDINFO may run after the netns is freed, allowing xfrm_hash_rebuild() to dereference a freed struct net (potential use-after-fre...

Broken Quantum: A Systematic Formal Verification Study of Security Vulnerabilities across the Open-Source Quantum Computing Simulator Ecosystem

Quantum computing simulators form the classical software foundation on which virtually all quantum algorithm research depends. We present Broken Quantum, the first comprehensive formal security audit of the open-source quantum computing simulator ecosystem. Applying COBALT QAI -- a four-module...

CVE-2026-23404 affecting package kernel for versions less than 6.6.130.1-1

CVE-2026-23404 affecting package kernel for versions less than 6.6.130.1-1. A patched version of the package is available...

CVE-2026-28755 affecting package nginx for versions less than 1.22.1-16

CVE-2026-28755 affecting package nginx for versions less than 1.22.1-16. A patched version of the package is available...

CVE-2026-33721

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...