415 matches found
K000161867: Linux kernel vulnerabilities CVE-2026-23291, CVE-2026-23292, CVE-2026-23298, and CVE-2026-23304
Security Advisory Description CVE-2026-23291 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: Avoid scheduling the deletion of associations twice. When forcibly shutting down a port via the configfs interface, nvmetportsubsysdroplink first calls nvmetportdelctrls, and then nvmetdisableport. Both functions will...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint – Avoid creating sub-groups asynchronously Asynchronous creation of sub-groups by a delayed operation could lead to a NULL pointer dereference when the driver directory is removed before the operation completes. The...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: nullblk: The issue of kmemleak was fixed by releasing references to fault-configfs items. When CONFIGBLKDEVNULLBLKFAULTINJECTION is enabled, the null-blk driver sets up fault injection support by creating configfs items such as...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nullblk: Always check the queue mode setting from configfs. Make sure to check the device queue mode in the nullvalidateconf function, and return an error for NULLQRQ since we do not allow legacy I/O paths. Without this patch, we...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint: Fixed incorrect parameter order in functions pciprimary/epcepfunlink and pcisecondary/epcepfunlink. The callbacks for struct configfsitemoperations are defined as follows: c int allowlinkstruct configitem src, stru...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: configfs-tsm-report: Fixed the NULL dereference of tsmops. Unlike sysfs, the lifetime of configfs objects is controlled by userspace. There is no mechanism for the kernel to find and delete all created config-items. Instead, t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Use the correct buffer size when parsing configfs lists This commit fixes the support for the uvc gadget on 32-bit platforms. The commit 0df28607c5cb “usb: gadget: uvc: Generalize helper functions for reuse”...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nullblk: Fixed a issue where a NULL pointer dereference occurred when configuring ‘power’ and ‘submitqueues’. Writing ‘power’ and ‘submitqueues’ concurrently would trigger a kernel panic. Test script: bash modprobe nullblk...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netconsole: The sumutex should be acquired before navigating the configs hierarchy. There is a race between operations that iterate over the cgchildren list and concurrent additions/removals of userdata items through configfs. Th...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iio: core: Prevent invalid memory access when there is no parent device. The commit 813665564b3d “iio: core: Convert to use the firmware node handle instead of the OF node” changed the type of nodes used for label retrieval in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fixed OOB read on empty string write When writing an empty string to either ‘qwsign’ or ‘landingPage’ sysfs attributes, the store functions attempt to access pagel – 1 before verifying that the length ‘l’ i...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: blk-mq: The issue of tag leaks during the shrink nrhwqueues operation has been fixed. Although we don’t need to reallocate the set-tags array when performing shrink nrhwqueues, we still need to free those tags. Otherwise, these...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint: pci-epf-vntb: Remove duplicate resource teardown The epfntbepcdestroy function duplicates the teardown that the caller is supposed to perform later. This leads to an error when .allowlink fails, or when .droplink i...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: target: targetcoreconfigfs: Added a length check to avoid buffer overflow. A buffer overflow occurs due to the use of snprintf to write data into the buffer “buf” in the targetlugpmembersshow function located in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses a guard mutex to protect the device structure. However, the device is freed before the mutex cleanup runs, causing mutexunlock to opera...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23032)
In the Linux kernel, the following vulnerability has been resolved: nullblk: fix kmemleak by releasing references to fault configfs items When CONFIGBLKDEVNULLBLKFAULTINJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeoutinject, requeueinject, and...
OESA-2026-2493 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in configfsopenfile In flushwritebuffer, &p-fragsem is acquired and then the loaded store function is called, which, here, is...
scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
...
SUSE CVE-2026-46149
In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...