13237 matches found
Astra Linux - vulnerability in linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: The severity of the WARN message has been reduced to be sent via devdbg in the callback. The warning is triggered due to a known race condition, which is documented in the code above. This issue is now properly...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Fixed overlapping copies within dmlcoremodeprogramming REASON &modelib-mp.Watermark and &locals-Watermark are the same address. memcpy may lead to unexpected behavior. SOLUTION memmove should be used instead...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/handshake: Fix handshakereqdestroytest1 Recently, the handshakereqdestroytest1 test started failing: The expected value of handshakereqdestroytest should be req, but the actual value is 0000000000000000. The correct value...
Astra Linux - vulnerability in tiff
A null source pointer passed as an argument to the memcpy function within TIFFReadDirectory in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, a fix is available in the commit...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Do not allow eprobes to use $stack, or % for regs While working with event probes eprobes, I tried to see what would happen if I attempted to retrieve the instruction pointer %rip knowing that event probes do not...
Astra Linux - vulnerability in netty
The Snappy frame decoder function does not limit the chunk length, which can lead to excessive memory usage. In addition, it may also buffer reserved skippable chunks until the entire chunk is received, which can also result in excessive memory usage. This vulnerability can be exploited by providi...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: blk-mq: Ensure that the active queue usage is retained for biointegrityprep. The function blkintegrityunregister may be called if the queue usage counter is not retained for a bio with integrity prepared. This could lead to a...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: arm64: The issue was fixed in the concurrently setting of insnemulation sysctls. The emulationprochandler function changes table-data for procdointvecminmax. However, it may cause an OOPs error if called concurrently with itself:...
Astra Linux - vulnerability in python3.11
It allows arbitrary filesystem writes outside the extraction directory during extraction with the filter="data" parameter. This vulnerability affects users who use the tarfile module to extract untrusted tar archives using methods like TarFile.extractall or TarFile.extract, with the filter=...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: kunit/fortify: Fixed incorrect usage of kvalloc/vfree. The kv family of functions were accidentally freed with vfree instead of using kvfree. Please use kvfree instead...
Astra Linux - vulnerability in linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: regulator: stm32-pwr: fix ofiomap leak Smatch reports: drivers/regulator/stm32-pwr.c:166 stm32pwrregulatorprobe warning: The “base” from ofiomap is not released on lines 151 and 166. In stm32pwrregulatorprobe, the base is not...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: kernel/resource: Fixed the issue where bootmem memory was freed again after allocation. Since the commit ebff7d8f270d “mem hotunplug: fixed the issue of bootmem memory being freed after allocation”, we could encounter a situation...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: net:mctp: Fixed the device reference leak that occurred during probe failures. The driver core holds a reference to the USB interface and its parent USB device while the interface is bound to the driver. There is no need to ho...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: md: Fixed an issue with warnings for holder mismatch in exportrdev. The commit a1d767191096 “md: Use mddev-external to select holder in exportrdev” fixes the problem where ‘claimrdev’ is used for blkdevgetbydev, while ‘rdev’ i...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Networks: DSA: Avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver the only one that supports UC filtering and MC filtering as a DSA master for a randomly selected DSA switch, the following...
Astra Linux - vulnerability in exiv2
In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file may lead to an infinite loop and system hangs, accompanied by high CPU consumption. Remote attackers could exploit this vulnerability to cause a denial of service by using a specially crafted file...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ICMP: Prevent possible NULL dereferencing from icmpbuildprobe. The first issue involves a double call to indevgetrcu; since the second call might return NULL. The code should be written as follows: if indevgetrcudev &&...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
A hash collision flaw was discovered in the IPv6 connection lookup table within the Linux kernel’s IPv6 functionality. This flaw occurs when a user carries out a new type of SYN flood attack. A user located within the local network or with a high-bandwidth connection can cause the CPU usage of th...
CVE-2026-47784
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...
CVE-2026-8627
The CVE-2026-8627 entry affects the WordPress plugin Correct Prices (