Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: venus: Fixed the issue where a use-after-free occurred in vdecclose. It seems that there might be a potential use-after-free when using vdecclose. The firmware will add the buffer release process to the work queue through...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Venus: pmhelpers: Fixed a warning in the OPP phase during the probe. Fixed the following WARN messages that were triggered during the Venus driver probe in version 5.19.0-rc8-next-20220728: WARNING: CPU: 7 PID: 339 at...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: venus: vdec: A possible memory leak issue has been fixed. The implementation of venushelperallocdpbbufs allows for an early return on an error path when checking the ID from idaallocmin. This would prevent the earlier buff...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit. If venusprobe fails at pmruntimeputsync, it first calls hfiDestroy, and then hficoredeinit. Since hfiDestroy sets core-ops to NULL, hficoredeinit can no longer call the...

ROS-20260403-73-0021

A vulnerability in the venus component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker to cause a denial of service...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005127)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005127 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free bug in venusremove due to race condition in venusprobe, core-wo...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005099)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005099 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdecclose There appears to be a possible use after free with...

ROS-20260126-73-0018

A vulnerability in the venus component of the Linux operating system kernel is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260126-73-0017

A vulnerability in the venus component of the Linux operating system kernel is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Azure Linux 3.0 Security Update: kernel (CVE-2025-23159)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23159 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle...

Azure Linux 3.0 Security Update: kernel (CVE-2025-23158)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23158 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle...

CLSA-2025-1763989962 Fix of 8 CVEs

CVE-url: https://ubuntu.com/security/CVE-2025-38352 - posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel CVE-url: https://ubuntu.com/security/CVE-2022-25265 - x86/elf: Add table to document READIMPLIESEXEC - x86/elf: Split READIMPLIESEXEC from executable PTGNUSTACK -...

EUVD-2025-175737

Malicious code in venus-epimetheus-halley-json npm...

EUVD-2025-178657

Malicious code in greatfilter-venus-stream-halley npm...

MAL-2025-187707 Malicious code in kronos-lynx-brane-venus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4b0fb92e5f1f3a612ab9477511fd26789ef0566213df6d8bc93ee1ffa10bd9b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187225 Malicious code in greatfilter-venus-stream-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2688ecd07f82607da45c4ce63b5e64aab9f8a5cd170454bb2ba16f0dbd1b5a8f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-175738

Malicious code in venus-dactyl-publish-markdownlint npm...

Malicious code in neptune-venus-foundation-hyperion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee152f2d4396ca7e5f7e1a9e8af596f9095773d1fab65f76596fd3bf58c29f61 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in brane-venus-betelgeuse-altair (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 558276da0386c127016f30005da101fb0864551790dad588cd551158b91bed58 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in init-venus-sync-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41b6e40d812a9363fa5f719d89f8033b005cc387fbeadb50dac11ca6fcd9ba44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...