CVE-2026-52931

A flaw was found in the batman-adv tpmeter module of the Linux kernel. A remote attacker could exploit this vulnerability by sending a specially crafted acknowledgment ACK packet to a node configured as a receiver in an ongoing tpmeter session. This could lead to the use of uninitialized sender...

CVE-2026-55392

A flaw was found in NILFS utilities. An attacker can exploit this vulnerability by supplying a crafted NILFS2 image. This can lead to undefined behavior, oversized shifts, or out-of-memory conditions, ultimately causing a Denial of Service DoS by crashing tools such as nilfs-tune and dumpseg...

SUSE CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: blkiocost: fixed issues with out-of-bound shifts. Recently, running UBSAN detected a few out-of-bound shifts in the iocforgivedebts function: UBSAN: Out-of-bound shift in block/blk-iocost.c:2142:38; Shift exponent 80 is too...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: The kexecbuf structure was previously declared without initialization. The patch series “kexec: Fix invalid field access” addresses this issue. The kexecBuf structure was declared without being initialized. The comm...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: ena: Fixed an out-of-bounds shift in the exponential backoff mechanism. The ENA adapters on our instances occasionally reset. Recently, a UBSAN failure was logged on the console during this process: UBSAN: Out-of-bounds shif...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: This issue prevents UBSAN errors occurring in truesectorsperclst. The syzbot reported the following UBSAN error: 76.901829 T6677 ================================================================================ 76.903908...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bcache: Fixed the abuse of variable-length arrays in btreeiter. btreeiter is used in two ways: either allocated on the stack with a fixed size MAXBSETS, or from a mempool with a dynamic size based on the specific cache set...

Astra Linux – Vulnerability in ffmpeg5

It was discovered that FFmpeg version n6.1 contains a heap buffer overflow vulnerability in the drawblockrectangle function of libavfilter/vfcodecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service DoS attack through crafted inputs...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid undefined behavior: applying zero offset to a null pointer ACPICA commit: 770653e3ba67c30a629ca7d12e352d83c2541b1e Before this change, the following UBSAN stack trace was seen in Fuchsia: 0 0x000021e4213b3302 in...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the code file coders/bmp.c. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned int. This likely leads to a disruption in the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: stmmac: fixed an issue with left shift overflow in DMA queues When the queue number is greater than 4, left shift overflows due to the 32-bit integer variable used in calculations. The mask calculation for MTLRXQDMAMAP1 i...

Astra Linux – Vulnerability in imagemagick

An integer overflow issue was discovered in ImageMagick’s ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values that are outside the representable range for ‘unsigned char’. When ImageMagick processes a specially crafted PDF file, this...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in setflicker Syzkaller reported the following issue: UBSAN: Shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27; shift exponent 245 is too large for a 32-bit type ‘int’. When t...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick within MagickCore/statistic.c. An attacker who submits a crafted file processed by ImageMagick could induce undefined behavior, resulting in an excessively large value for the 64-bit type ssizet. This likely leads to a disruption in the application’s...

CVE-2026-11576

The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fxfileclose even when the file was never successfully opened. Multiple error branches jump to t...

CVE-2026-11576

The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fxfileclose even when the file was never successfully opened. Multiple error branches jump to t...

CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

CVE-2026-55392

CVE-2026-55392 affects NILFS utilities up to version 2.3.0. The root cause is nilfs_sb_is_valid() not validating s_log_block_size in the NILFS2 superblock before bit-shift operations, enabling undefined behavior from oversized shifts and potential out-of-memory conditions that can crash tools lik...