Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: clocksource/drivers/cadence-ttc: Fixed a memory leak in ttctimerprobe. Matching reports: drivers/clocksource/timer-cadence-ttc.c: Line 529, ttctimerprobe; Warning: ‘timerbaseaddr’ from ofiomap is not released on lines...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: For clk: imx: clk-imx8mp, the error handling in imx8mpclocksprobe has been improved. ofiomap and kzalloc have been replaced with devmofiomap and devmkzalloc. This allows for automatic release of the associated memory when the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: fix memleak on platformdeviceadd fails No error handling is performed when platformdeviceadd fails. Error processing should be added before returning from the function, and the return value has been modified...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed an array-index-out-of-bounds issue in dcn35clkmgr. Why There is a potential memory access violation during the iteration of the dcn35 clks’ array. How The iteration rate per array size has been limited...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update the logic to calculate the D value for RCG. The display pixel clock has a requirement on certain newer platforms to support M/N as 2/3, and the final D value calculated results in underflow errors. As...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fixed a potential memory leak in devmrtcallocatedevice devmrtcallocatedevice will first allocate an rtcdevice, and then call devsetname. If devsetname fails, the rtcdevice will cause a memory leak. We’ve moved...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: Do not prepare/unprepare the clock during runtime suspend/resume If there is any clock controller attached to this I2C bus controller, such as Versaclock or an AIC32x4 I2C codec, then an I2C transfer triggered by th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Prevent out-of-bounds access The while loop in raspberrypidiscoverclocks relies on the assumption that the ID of the last clock element is zero. Since this data comes from the Videocore firmware, and it does not...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ep93xx: clock: Fix for an offset of one in ep93xxdivrecalcrate. The psc-div array contains psc-numdiv elements. These values are derived from when we call clkhwregisterdiv. The size of these values is determined by...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: davinci: A NULL check was added in davincilpscclkregister. devmkasprintf returns NULL when memory allocation fails. Currently, davincilpscclkregister does not check for this case, resulting in a NULL pointer being...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign normalizedpixclk when color depth = 14 WHY & HOW A warning message appears: “WARNING: CPU: 4 PID: 459 at …/dcresource.c:3397 calculatephypixclks+0xef/0x100 amdgpu”. This occurs because the condition...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: hwrng: ks-sa – fix division by zero in kssarnginit The issue of division by zero in kssarnginit was caused by missing clock pointer initialization. The clkgetrate function calls are performed on an uninitialized clk pointer,...

Linux Distros Unpatched Vulnerability : CVE-2026-43015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: macb: fix clk handling on PCI glue driver removal platformdeviceunregister may still want to use the registered clks during runtime resume callback. Note...

CVE-2026-43015

A flaw was found in the Linux kernel’s macb network driver. Improper handling of clock resources during the removal of a PCI Peripheral Component Interconnect device driver can lead to a use-after-free vulnerability. A local attacker could exploit this by performing specific module operations,...

CVE-2026-43015

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix clk handling on PCI glue driver removal platformdeviceunregister may still want to use the registered clks during runtime resume callback. Note that there is a commit d82d5303c4c5 "net: macb: fix use after free on...

CVE-2026-43014

In the Linux kernel, the following vulnerability has been resolved: net: macb: properly unregister fixed rate clocks The additional resources allocated with clkregisterfixedrate need to be released with clkunregisterfixedrate, otherwise they are lost...

CVE-2026-31756

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...

EUVD-2026-26614

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix clk handling on PCI glue driver removal platformdeviceunregister may still want to use the registered clks during runtime resume callback. Note that there is a commit d82d5303c4c5 "net: macb: fix use after free on...

CVE-2026-43015

The CVE-2026-43015 issue is in the Linux kernel macb PCI glue driver where clk handling during platform_device_unregister() can be used after the device is unregistered. The root cause is that platform_device_unregister may still use registered clks during a runtime resume callback, leading to a ...

CVE-2026-43015

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix clk handling on PCI glue driver removal platformdeviceunregister may still want to use the registered clks during runtime resume callback. Note that there is a commit d82d5303c4c5 "net: macb: fix use after free on...