Astra Linux - уязвимость в firefox, thunderbird

When reading a file, an uninitialized value might have been used as the read limit. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

Astra Linux - уязвимость в qemu

In QEMU, the softmmu/physmem.c file, versions up to 7.0.0, can perform an uninitialized read on the translatefail path, resulting in an ioreadx or iowritex crash. NOTE: A third-party report states that the “Non-virtualization Use Case” described in the qemu.org reference applies here. In other...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Added parameter validation for packet data. Syzbot reported a bug involving uninitialized values in nciinitreq. This bug was introduced through the commit 5aca7966d2a7 “Merge tag...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: netrom: Check the buffer length before accessing it. Syzkaller reports an uninit value being read from ax25cmp when sending raw messages through the ieee802154 implementation.================================================BUG...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/core: Ensure that the presence of the LSNLATYPEDGID attribute is correctly checked. The netlink response for RDMANLLSOPIPRESOLVE should always contain the LSNLATYPEDGID attribute; otherwise, it is invalid. Use the nl...

CVE-2026-43221

A flaw was found in the Linux kernel's Intelligent Platform Management Bus IPMB component. The IPMB event handler fails to initialize read bytes, which can lead to an uninitialized value being returned during an I2C Inter-Integrated Circuit read operation. This could allow a local attacker to...

CVE-2026-43221

In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: initialise event handler read bytes IPMB doesn't use i2c reads, but the handler needs to set a value. Otherwise an i2c read will return an uninitialised value from the bus driver...

Astra Linux - уязвимость в f2fs-tools

There is an exploitable information disclosure vulnerability in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can lead to an uninitialized read operation, resulting in information disclosure. An attacker can provide a malicious file to trigger this...

CLSA-2026-1776958404 php: Fix of 5 CVEs

CVE-2019-9023: mbstring oniguruma: fix heap overflow in utf32bembctocode and related mbctocode encoders bug 77418; completes CVE-2019-9023 coverage alongside existing php-5.3.29-bug773707737177381773827738577394.patch - CVE-2019-11034: exif: fix heap-buffer-overflow in phpifdget32s bug 77753 -...

php: Fix of 5 CVEs

CVE-2019-9023: mbstring oniguruma: fix heap overflow in utf32bembctocode and related mbctocode encoders bug 77418; completes CVE-2019-9023 coverage alongside existing php-5.3.29-bug773707737177381773827738577394.patch - CVE-2019-11034: exif: fix heap-buffer-overflow in phpifdget32s bug 77753 -...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004950)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004950 advisory. In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptpxmit Commit aabc6596ffb3 net: ppp: Add bound checking for...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38229)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38229 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: cxusb: no longer judge rbuf when...

CVE-2025-71096

An uninitialized memory read flaw was found in the Linux kernel's RDMA netlink subsystem. When processing IP resolution responses RDMANLLSOPIPRESOLVE, the code did not properly validate that the required LSNLATYPEDGID attribute was present. A malformed userspace netlink message missing this...

CVE-2025-71096

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LSNLATYPEDGID correctly The netlink response for RDMANLLSOPIPRESOLVE should always have a LSNLATYPEDGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call...

CVE-2025-71096

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LSNLATYPEDGID correctly The netlink response for RDMANLLSOPIPRESOLVE should always have a LSNLATYPEDGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call...

UBUNTU-CVE-2025-71096

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LSNLATYPEDGID correctly The netlink response for RDMANLLSOPIPRESOLVE should always have a LSNLATYPEDGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call...

CVE-2025-71096

Summary (CVE-2025-71096) : The Linux kernel RDMA core netlink path handling RDMA_NL_LS_OP_IP_RESOLVE could return a DGID-less response, risking an uninitialized read on the stack. The fix ensures the LS_NLA_TYPE_DGID attribute is present, uses nla_parse_deprecated() to populate nlattrs, and then ...

PT-2026-2617

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the RDMA/core component related to the handling of netlink responses for RDMA NL LS OP IP RESOLVE queries. Specifically, the code does not correct...

CVE-2025-40189 net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix lost EEPROM read timeout error-ETIMEDOUT in lan78xxreadraweeprom Syzbot reported read of uninitialized variable BUG with following call stack. lan78xx 8-1:1.0 unnamed netdevice uninitialized: EEPROM read...

SUSE CVE-2025-40043

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Add parameter validation for packet data Syzbot reported an uninitialized value bug in nciinitreq, which was introduced by commit 5aca7966d2a7 "Merge tag 'perf-tools-fixes-for-v6.17-2025-09-16' of...