
16323 matches found

Cvelist
added 2026/05/06 11:28 a.m. | 23 views

CVE-2026-43195 drm/amdgpu: validate user queue size constraints

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate user queue size constraints

Add validation to ensure user queue sizes meet hardware requirements:
- Size must be a power of two for efficient ring buffer wrapping
- Size must be at least AMDGPU_GPU_PAGE_SIZE to...

EPSS 0.00015
Exploits: 0 | References: 3

CVE
added 2026/05/06 11:27 a.m. | 6 views

CVE-2026-43176

The CVE-2026-43176 entry refers to a vulnerability in the Linux kernel’s rtw89 WiFi driver (PCI path) affecting RTL8922DE where release report content was not properly validated. This could cause a crash (DoS) when handling a malformed TX release report. The root cause is insufficient validation ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/05/06 7:40 a.m. | 26 views

CVE-2026-43076 ocfs2: validate inline data i_size during inode read

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate inline data i_size during inode read. When reading an inode from disk, ocfs2_validate_inode_block() performs various sanity checks but does not validate the size of inline data. If the filesystem is corrupted, an inode's...

CVSS 7.8 | EPSS 0.00017
Exploits: 0 | References: 8

SUSE CVE
added 2026/05/06 1:42 a.m. | 4 views

SUSE CVE-2026-31779

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler(). The memcpy function assumes the dynamic array notif->matches is at least as large as the number of bytes to copy. Otherwise, results->matches may...

CVSS 8.1 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/06 12:0 a.m. | 7 views

PT-2026-37516

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the rtw89 Wi-Fi driver for the RTL8922DE chip. The system fails to properly validate the content of the TX release report, which can lead to a kernel crash if a malforme...

CVSS 8.8 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 13

Github Security Blog
added 2026/05/04 8:18 p.m. | 7 views

Pillow has a heap buffer overflow with nested list coordinates

Passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to...

CVSS 5.5 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2026/05/04 7:31 p.m. | 6 views

OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange

Impact: The ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The VelocityEngine is initialized with only logging properties and no SecureUberspector, leaving the default...

CVSS 9.1 | AI score 6.4 | EPSS 0.00057
Exploits: 0 | References: 5 | Affected Software: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation. While validating node IDs in map_benchmark_ioctl(), the node_possible() function may receive invalid arguments outside the range [0, MAX_NUMNODES-1], leading to: BUG: KASAN:...

CVSS 7.1 | AI score 5.5 | EPSS 0.0008
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation. Each attribute within a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info. Therefore, the size of such an attribute must be at least sizeof(struct...

CVSS 5.5 | AI score 5.7 | EPSS 0.00019
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 1 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: firmware: cs_dsp: Validate the payload length before processing the block. The check for the payload length should be performed before the block is processed. The previous check, which ensured that the length of a block’s paylo...

CVSS 5.5 | AI score 6.3 | EPSS 0.00033
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validated TA binary size. Added validation of TA binary size to prevent out-of-bounds (OOB) writes. Cherry-picked from commit c0a04e3570d72aaf090962156ad085e37c62e442...

CVSS 7.8 | AI score 6.2 | EPSS 0.00016
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure that there is sufficient space to access the protocol field of the VLAN header. Validate this once before the flowtable lookup. =========================================== BUG:...

CVSS 7.1 | AI score 6.4 | EPSS 0.00011
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action. It is not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Make sure the attribute is valid first...

CVSS 7.8 | AI score 6.2 | EPSS 0.00031
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: calipso: Do not call calipso functions for AF_INET sockets. syzkaller reported a null-ptr-deref in txopt_get(). [0] The offset 0x70 refers to struct ipv6_txoptions within struct ipv6_pinfo. Therefore, struct ipv6_pinfo was NULL there...

CVSS 5.5 | AI score 6.3 | EPSS 0.00105
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer. If the data_offset and data_length fields of the smb_direct_data_transfer structure are invalid, an out-of-bounds issue may occur. This patch validate...

CVSS 7.1 | AI score 6.5 | EPSS 0.00017
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 1 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: udmabuf: validate ubuf->pagecount. Syzbot reported a GPF in sg_alloc_append_table_from_pages(). The problem arose from the condition ubuf->pages == ZERO_PTR. ubuf->pagecount is calculated based on arguments passed from the user-space. If the...

CVSS 5.5 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: A bug in pvr2_i2c_core_init caused an array-index-out-of-bounds issue. Syzbot reported that -1 was used as an array index. The problem stemmed from a missing validation check. The variable hdw->unit_number was...

CVSS 7.8 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: i40e: Added validation for the ring_len parameter. The ring_len parameter provided by the virtual function (VF) is assigned directly to the hardware memory context (HMC) without any validation. To address this issue, an upper boundar...

AI score 6.6 | EPSS 0.00063
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fw_tracer, Validate format string parameters. We have added validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes caused by malformed format strings...

AI score 6 | EPSS 0.00068
Exploits: 0 | References: 1

Cvelist
added 2026/05/01 2:15 p.m. | 26 views

CVE-2026-43020 Bluetooth: MGMT: validate LTK enc_size on load

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK enc_size on load. Load Long Term Keys stores the user-provided enc_size and later uses it to size fixed-size stack operations when replying to LE LTK requests. An enc_size larger than the 16-byte key...

EPSS 0.00015
Exploits: 0 | References: 8