EUVD-2026-39893

In the Linux kernel, the following vulnerability has been resolved: arm64: Reserve an extra page for early kernel mapping The final part of data, end segment may overflow into the next page of initpgend1 which is the gap page before earlyinitstack2: 1 crasharm64v9.0.1 vtop ffffffed00601000 VIRTUA...

CVE-2026-53277

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walks1 and kvmwalknesteds2 expect to be called while holding kvm-srcu to guard against memslot changes. While this is generally the case,...

CVE-2026-53200

The CVE refers to the Linux kernel KVM on ARM64 where the XN bit handling was broken when FEAT_XNX is not enabled. Specifically, a FIELD_PREP() mask used to clear XN[0] manipulated the wrong bit, unconditionally granting execute permissions. The issue is resolved by correcting the bit manipulatio...

CVE-2026-53200

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

Linux Distros Unpatched Vulnerability : CVE-2026-53036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instructi...

CVE-2026-53036

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fixed the descriptor address in kvmatswapdesc Using “u64 user hva + offset” to obtain the virtual addresses of S1/S2 descriptors seems incorrect, especially when offset is not zero. What we actually want to get for...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ARM: versatile: Added ofnodeput in dcscbinit. The devicenode pointer is returned by offindcompatiblenode, with the reference count incremented. We should use ofnodeput to avoid the reference count leak...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fixed an uninitialized memcache pointer in usermemabort The commit fce886a60207 "KVM: arm64: Investigate the pKVM MMU in KVM" made the initialization of the local memcache variable in usermemabort conditional. As a...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Firmware: armscmi: A consistency check is performed on the mailbox/SMT channel. Upon receiving a completion interrupt, the shared memory area is accessed to retrieve the message header first. If the message sequence number...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt, all online CPUs will be notified and set to offline. However, as highlighted in the commit 19dbdcb8039c “smp: Warn on function...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Avoid clobbering the kernel’s FPSIMD state with SMSTOP. On systems with SME Savage Mode Enforcement, the kernel’s FPSIMD state may be erroneously clobbered during a context switch immediately after that state is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queueprioritymap A critical memory allocation bug was fixed in the edmasetupfromhw function, where queueprioritymap was allocated with insufficient memory. The code declared...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: secretmem: Disable memfdsecret if arch cannot set the direct map. The memfdsecret syscall returns -ENOSYS if !cansetdirectmap is true. This occurs, for example, in some arm64 configurations, where marking 4k PTEs in the direct ma...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of BUGENTRY. When CONFIGDEBUGBUGVERBOSE=n, we fail to add the necessary padding bytes to the bugtable entries. As a result, the last entry in a bug table will be ignored, potentially leadin...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: ARM: footbridge: fixed PCI interrupt mapping Since commit 30fdfb929e82 "PCI: added a call to pciassignirq in pcideviceprobe", the PCI code will call the IRQ mapping function whenever a PCI driver is probed. If these functions...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ARM: fixed the cacheflush issue with PAN. It appears that the cacheflush syscall became corrupted when the LPAE PAN mechanism was implemented. User access was not enabled during the cache maintenance process, which caused the iss...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear the FFR context field in streaming SVE mode The FFR is a predicate register whose size can range from 16 to 256 bits, depending on the configured vector length. When saving the SVE state in streamin...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Fixed a possible memory leak related to ffhctxt. A memory leak may occur if the SMCCC version and conduit checks fail, and the -EOPNOTSUPP error is returned without freeing the allocated memory. The issue was fixed b...