CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix pin leak and publication ordering in pkvminitvcpu Two bugs exist in the vCPU initialisation path: 1. If a check fails after hyppinsharedmem succeeds, the cleanup path jumps to 'unlock' without calling unpinhostvcp...

CVE-2026-45876

arm64/gcs: Fix error handling in archsetshadowstackstatus...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several issues with the way the hyp code lazily saves the host’s FPSIMD/SVE state. These include: The host SVE state is unexpectedly discarded due to...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: efi: Make efirtlock a rawspinlock Running a rt-kernel base on 6.2.0-rc3-rt1 on an Ampere Altra outputs the following: BUG: A sleeping function is called from an invalid context at kernel/locking/spinlockrt.c:46 inatomic: 1...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: perf: Fixed the issue with sample generation versus doexit. Baisheng Gao reported a crash in ARM64 mode. Mark interpreted this as a synchronous external abort—most likely due to attempting to access MMIO in a faulty way. The...

USN-8200-3: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C subsystem; - Network traffic control; CVE-2022-49046,...

CVE-2026-43261

In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB Branch History Buffer attack, which can be exploited to leak information through branch prediction side channels. This...

DEBIAN-CVE-2026-31553

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix the descriptor address in kvmatswapdesc Using "u64 user hva + offset" to get the virtual addresses of S1/S2 descriptors looks really wrong, if offset is not zero. What we want to get for swapping is hva + offset,...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of large leaf maps during ARM64 memory management. This improper handling led t...

USN-8200-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C subsystem; - Network traffic control; CVE-2022-49046,...

CVE-2026-31466

CVE-2026-31466 affects the Linux kernel; root cause is a race in softleaf_to_folio() related to missing memory barrier (smp_rmb) when handling migration/compound pages, leading to potential incorrect folio modification. The issue was addressed by adding the missing memory barrier in softleaf_to_f...

Ubuntu Pro FIPS-updates 24.04 LTS : Linux kernel (Azure FIPS) vulnerabilities (USN-8165-1)

"The remote Ubuntu Pro FIPS-updates 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8165-1 advisory. Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker...

CVE-2026-34971

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64

...

SUSE CVE-2026-23316

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix ARM64 alignment fault in multipath hash seed struct sysctlfibmultipathhashseed contains two u32 fields userseed and mpseed, making it an 8-byte structure with a 4-byte alignment requirement. In...

CVE-2026-23345

A flaw was found in the Linux kernel. When the FEATLPA2 feature is enabled on ARM64 systems, the kernel incorrectly handles the PTESHARED bits in Graphics Control System GCS memory mappings. This misconfiguration can lead to a kernel paging request and subsequently a system panic, resulting in a...

CVE-2026-23316

A flaw was found in the Linux kernel's handling of multipath hash seeds on ARM64 architectures. This vulnerability can lead to a system crash kernel panic when the kernel is compiled with specific optimizations, such as Clang with Link-Time Optimization LTO, due to an alignment fault during memor...

EUVD-2026-15263

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix ARM64 alignment fault in multipath hash seed struct sysctlfibmultipathhashseed contains two u32 fields userseed and mpseed, making it an 8-byte structure with a 4-byte alignment requirement. In...

CVE-2026-23383

CVE-2026-23383 affects the Linux kernel’s BPF JIT path on arm64. The root cause was 4-byte alignment in bpf_jit_binary_pack_alloc() causing the JIT buffer’s base to be only 4-byte aligned, which could misalign the 64-bit target field in struct bpf_plt. Consequences include UBSAN misaligned-access...

CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()

In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremapprot The only caller of ioremapprot outside of the generic ioremap implementation is genericaccessphys, which passes a 'pgprott' value determined from the user mapping of the target...