
1221 matches found

AstraLinux
added 6 days ago, 3 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ovl: Use the “buf” flexible array as the destination for memcpy. The “buf” flexible array must be used as the destination for memcpy to avoid false positive run-time warnings caused by the recent FORTIFY_SOURCE hardening measures:...

5.5 CVSS, 5.3 AI score, 0.00167 EPSS
Exploits: 0, References: 2

AstraLinux
added 6 days ago, 5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: crypto: marvell/octeontx – prevents integer overflows. The value of “code_length” comes from the firmware file. If your firmware is untrusted, there’s likely very little you can do to protect yourself. Nevertheless, we still try...

5.5 AI score, 0.00209 EPSS
Exploits: 0, References: 1

AstraLinux
added 6 days ago, 3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: ipv6: Fixed warnings related to memcpy operations that span multiple fields in the AH output. These warnings occur when extension headers are copied to IPv6 address fields, causing Fortify-string warnings regarding writes...

6.1 AI score, 0.00177 EPSS
Exploits: 0, References: 2

AstraLinux
added 6 days ago, 11 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed the destruction of kthread workers in polling mode. The cleanup order in polling mode irq worklist and WARN_ON(!list_empty(&worker->delayed_work_list)). The original code called kthread_destroy_worker() before...

5.5 CVSS, 5.7 AI score, 0.00122 EPSS
Exploits: 0, References: 1

AstraLinux
added 6 days ago, 4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fixed the global state lock backoff. We need to acquire the lock after the early return in the !hwpipe case. Otherwise, we might encounter contention but still return 0. This fix addresses a...

5.5 CVSS, 5.5 AI score, 0.00154 EPSS
Exploits: 0, References: 1

AstraLinux
added 6 days ago, 1 view

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bonding: Unnecessary warnings and logs from bond_xdp_get_xmit_slave() have been fixed. syzbot reported a warning in bond_xdp_get_xmit_slave(). To reproduce this issue [1], one bonding device (bond1) should have xdpdrv, which increases...

5.5 CVSS, 6.4 AI score, 0.00239 EPSS
Exploits: 0, References: 2

AstraLinux
added 6 days ago, 4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: validation of user data in compat ioctl commands. Incorrect user data may cause warnings in i2c_transfer(). For example, it may result in no messages being sent at all. Userspace should not be able to trigger such warnings...

3.3 CVSS, 5.5 AI score, 0.00233 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2026/06/13 12:0 a.m., 15 views

Fedora 44 : composer (2026-9b34a78e81)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9b34a78e81 advisory. Version 2.10.1 - 2026-06-04 Security: Fixed shell escaping when opening an editor 12903 Security: Verify backup phar signature before restoring it when using...

5.9 AI score
Exploits: 0, References: 1

EUVD
added 2026/06/12 8:57 a.m., 7 views

EUVD-2026-36397

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3 CVSS, 5.3 AI score, 0.0047 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/06/08 12:0 a.m., 9 views

PT-2026-47544

Description: Summary: Poweradmin v4.4.0 is vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters (=, +, -, @). When an administrator export...

6.9 CVSS, 5.5 AI score
Exploits: 0, References: 5

SUSE CVE
added 2026/06/04 2:21 a.m., 8 views

SUSE CVE-2026-46255

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove. The clocks in fsl_edma_engine::muxclk are allocated and enabled with devm_clk_get_enabled(), which automatically cleans these resources up, but these clocks are also manual...

5.8 AI score, 0.00114 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2026/06/03 6:43 p.m., 12 views

CVE-2026-46255

A flaw was found in the Linux kernel's fsl-edma driver. This vulnerability occurs because the driver attempts to explicitly disable clocks during its removal process, even though these resources are automatically managed. This redundant action can lead to warnings being generated during driver...

5.5 CVSS, 6.3 AI score, 0.00114 EPSS
Exploits: 0, References: 4

NVD
added 2026/06/03 6:16 p.m., 12 views

CVE-2026-46255

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove. The clocks in fsl_edma_engine::muxclk are allocated and enabled with devm_clk_get_enabled(), which automatically cleans these resources up, but these clocks are also manual...

5.5 CVSS, 0.00114 EPSS
Exploits: 0, References: 5

CVE
added 2026/06/03 3:49 p.m., 12 views

CVE-2026-46255

Summary: CVE-2026-46255 affects the Linux kernel fsl-edma driver (dmaengine). The issue arises because clocks allocated/enabled with devm_clk_get_enabled() are automatically cleaned up, but fsl_edma_remove() explicitly disables them via fsl_disable_clocks(), causing warnings during driver removal...

5.5 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits: 0, References: 5, Affected Software: 1

ATTACKERKB
added 2026/06/03 3:49 p.m., 6 views

CVE-2025-71314

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor_gpu_flush_caches() failures. We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can recov...

5.8 AI score, 0.00122 EPSS
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2026/06/03 3:49 p.m., 12 views

CVE-2025-71314

In the Linux kernel, the drm/panthor component was updated to recover from panthor_gpu_flush_caches() failures that could block the memory subsystem. The fix introduces a reset path to recover when flush operations hang, and resets pending_reqs so new commands can be issued after a reset. If addi...

5.5 CVSS, 5.8 AI score, 0.00122 EPSS
Exploits: 0, References: 4, Affected Software: 1

Positive Technologies
added 2026/06/03 12:0 a.m., 12 views

PT-2026-45985

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the drm/panthor component where the memory subsystem can become blocked, causing flush operations to never complete. This state can be triggered by buggy GPU jobs...

5.5 CVSS, 5.4 AI score, 0.00122 EPSS
Exploits: 0, References: 7

CNNVD
added 2026/06/03 12:0 a.m., 5 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fsl-edma driver disabling clocks that were previously automatically managed by devm_clk_get. Th...

5.5 CVSS, 5.3 AI score, 0.00114 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2026/06/03 12:0 a.m., 13 views

PT-2026-46018

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the dmaengine fsl-edma component where clocks in fsl_edma_engine::muxclk are allocated and enabled using devm_clk_get_enabled(). This function automatically manages...

5.5 CVSS, 5.1 AI score, 0.00114 EPSS
Exploits: 0, References: 15

Tenable Nessus
added 2026/06/03 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dmaengine: fsl-edma: don't explicitly disable clocks in .remove. The clocks in fsl_edma_engine::muxclk are allocated and enabled with devm_clk_get_enabled(), which...

5.5 CVSS, 5.6 AI score, 0.00114 EPSS
Exploits: 0, References: 3