CVE-2026-8666

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

EUVD-2026-38845

In the Linux kernel, the following vulnerability has been resolved: futex: Prevent lockup in requeue-PI during signal/ timeout wakeup During wait-requeue-pi task A and requeue-PI task B the following race can happen: Task A Task B futexwaitrequeuepi futexsetuptimer futexdowait futexrequeue CLASSh...

EUVD-2026-38816

In the Linux kernel, the following vulnerability has been resolved: i2c: dev: prevent integer overflow in I2CTIMEOUT ioctl While fuzzing with Syzkaller, a persistent scheduletimeout: wrong timeout value warning was observed, accompanied by SMBus controller state machine corruption. The I2CTIMEOUT...

EUVD-2026-38954

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix racing timeout handler The bcmgenettimeout handler tries to take down all tx queues when a single queue times out. This is over zealous and causes many race conditions with queues that are still chugging along...

EUVD-2026-38919

In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on When PERST is deasserted twice assert - deassert - assert - deassert, a CBB Control Backbone timeout occurs at DBI register offset 0x8bc PCIEMISCCONTROL1OFF...

EUVD-2026-38912

In the Linux kernel, the following vulnerability has been resolved: soc/tegra: cbb: Fix incorrect ARRAYSIZE in fabric lookup tables Fix incorrect ARRAYSIZE usage in fabric lookup tables which could cause out-of-bounds access during target timeout lookup...

EUVD-2026-37769

undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse...

Astra Linux – Vulnerability in Xen

Inappropriate x86 IOMMU timeout detection/handling: IOMMU processes commands that are issued in parallel with the operation of the CPUs that issue those commands. In the current implementation in Xen, asynchronous notifications of the completion of such commands are not used. Instead, the issuing...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfcgetsfpinfo The MBXTIMEOUT return code is not properly handled in lpfcgetsfpinfo, and the routine unconditionally frees the submitted mailbox commands, regardless of the return status. Th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Anonymous sets are never used with a timeout flag from the user space; this behavior should be rejected. An exception to this rule is when using NFTSETEVAL, to ensure that legacy metering mechanisms continue ...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fixed handling of connection failures In cases where immediate MPA Media Plane API request processing fails, the newly created endpoint unlinks from the listening endpoint and becomes ready to be dropped. This special...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dmaengine: hisilicon: Added multi-thread support for DMA channels. When a DMA channel is obtained and tried to be used across multiple threads, it can lead to errors and cause the system to hang. bash % echo 100...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: wwan: t7xx: Fixed the FSM command timeout issue When the driver processes the internal state change command, it uses an asynchronous thread to handle the command operation. If the main thread detects that the task has tim...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixed a crash that occurred when I/O abort times out. During CPU hotplug, a crash was observed with the following stack: Call Trace: qla24xxprocessresponsequeue+0x42a/0x970 qla2xxx qla2x00startnvmemq+0x3a2/0x4b0...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: slimbus: Messaging: The transaction ID is not freed in a delayed interrupt scenario. In cases where an interrupt is delayed for any reason, the slimdotransfer function returns a timeout error, but the transaction ID TID is not...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: mailbox: bcm2835: Fixed timeout during suspend mode During the noirq suspend phase, the Raspberry Pi power driver experiences firmware property timeouts. The reason is that the IRQ of the underlying BCM2835 mailbox is disabled...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Audit: Improved robustness of audit queue handling If the audit daemon becomes stuck in a stopped state, the kauditdthread function in the kernel might get blocked while attempting to send audit records to the audit daemon in the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Drivers: Staging: rtl8192eu: Fixed a deadlock in rtwjoinbsseventprehandle. There is a deadlock in rtwjoinbsseventprehandle, as shown below: Thread 1 | Thread 2 | settimer rtwjoinbsseventprehandle | modtimer spinlockbh //1 | Wait...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: wl1251 – Fixed a memory leak in wl1251txwork. The skb packet dequeued from txqueue is lost when the wl1251pselpwakeup function fails with an -ETIMEDOUT error. This issue was fixed by re-queuing the skb packet back into...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mpblk: Add fdcc clock to hdmimix domain According to the i.MX8MP RM and HDMI specifications, the fdcc clock is part of the HDMI RX verification IP. This clock should not be enabled for HDMI TX...