Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: tracing: Fixed an out-of-bounds write in traceseqtobuffer. syzbot reported this bug: ================================================================== Bug: KASAN: Out-of-bounds access in traceseqtobuffer in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Fixed a race condition in kprobe initialization that could lead to NULL pointer dereferencing. There is a critical race condition in kprobe initialization that can result in NULL pointer dereferencing and cause the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: Limit access to parser-buffer when tracegetuser fails. When the length of the string written to setftracefilter exceeds FTRACEBUFFMAX, the following KASAN alarm will be triggered: BUG: KASAN: Slab-out-of-bounds in...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: The crash in timerlatdumpstack has been fixed. We have observed kernel panics when using timerlat with stack saving, with the following dmesg output: memcpy: detected buffer overflow: 88 bytes written to a buffer...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Tracing: A silence warning is issued when chunk allocation fails in tracepidwrite. Syzkaller triggers a fault injection warning: WARNING: CPU: 1 PID: 12326 at tracepointaddfunc+0xbfc/0xeb0 Modules linked in: CPU: 1 UID: 0 PID:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: Prevent an incorrect count for tracingcpumaskwrite. If a large count is provided, it will trigger a warning in bitmapparseuser. Also, check for zero in that case...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: tcp/dccp: Do not use timerpending in reqskqueueunlink. Martin KaFai Lau reported a use-after-free in reqsktimerhandler. We are encountering a use-after-free related to a bpf program attached to tracetcpretransmitsynack. The...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: corrected the order of the prelimref arguments in btrfsprelimref The btrfsprelimref function calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is...

Chromium: CVE-2026-11700 Use after free in Tracing

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules

New Tracing Options As hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on an op or writing a new one, what we can do is make the debugging experience easier. To that end one of our two Google Summer of Code GSoC projects is here to...

OESA-2026-2676 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: parisc: Drop WARNONONCE from flushcachevmap I have observed warning to occassionally trigger.CVE-2025-39781 In the Linux kernel, the following vulnerability has...

Ubuntu 20.04 LTS : Linux kernel (Azure FIPS) vulnerabilities (USN-7939-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7939-2 advisory. Jean-Claude Graf, Sandro Regge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation betwee...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7922-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7922-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

CVE-2026-11700

An use after free flaw was found in the Tracing component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=511732085...

SUSE CVE-2026-11700

Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-35226

Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11700

Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2026-11700

Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11700

Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11700

Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...