752 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fixed the order of DT parsing and pinctrl registration. The order of operations has been changed—DT parsing is performed before pinctrl registration. This ensures that device tree parsing is done before...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Regulator: da9063 – A better fix for null dereferencing with partial DT. Two versions of the original patch were sent, but Version 1 was merged instead of Version 2 due to a mistake. Therefore, update to Version 2. The advantage ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When ofirqparseraw is invoked with a device address smaller than the interrupt parent node from address-cells property, KASAN detects the following...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: PCI: Keystone: Fixed a NULL pointer dereferencing issue in case of a DT error in kspciesetuprcapp regs. If IORESOURCEMEM is not provided in the Device Tree due to any error, resourcelistfirsttype will return NULL, and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Reading the IOMMU Stream ID from the device tree Nvidia’s Tegra MGBE controllers require the IOMMU “Stream ID” SID to be written to the MGBEWRAPAXIASID0CTRL register. The current driver is hardcoded to u...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: gpio: davinci: Validate the obtained number of IRQs. The value of pdata-gpiounbanked is retrieved from the Device Tree. If the Device Tree is corrupted due to any error, this value can be arbitrary. Without this value validation,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: pmdomain: arm: Fixed NULL dereference upon removal of scmiperfdomain When the scmiperfdomain module was unloaded, a segmentation fault occurred. In the test system provided to the system under test, the power-domain-cells...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: croseccodec: Fixed a refcount leak in croseccodecplatformprobe. The ofparsephandle function returns a node pointer with a refcount incremented; we should use ofnodeput on it when there is no longer a need for it. Add the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: pinctrl: canaan: k230: added a NULL check in DT parsing. A NULL check was also added for the return value of ofgetproperty when retrieving the “pinmux” property in the group parser. This prevents a potential NULL pointer...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: qcom: bamdma: Fixed error handling for num-channels/ees When there is no clock specified in the device tree, there is no way to ensure that BAM is enabled. This often occurs for remotely controlled or remotely power...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: MIPS: Loongson64: DTS: Actually fixed the PCIe port nodes for ls7a. Fixed the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning interruptprovider: /bus@10000000/pci@1a000000: interrupt-cells was foun...
Linux Distros Unpatched Vulnerability : CVE-2025-71300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert arm64: zynqmp: Add an OP-TEE node to the device tree This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically...
SUSE CVE-2025-71300
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...
spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing
...
SUSE CVE-2026-43165
In the Linux kernel, the following vulnerability has been resolved: hwmon: nct7363 Fix a resource leak in nct7363presentpwmfanin When calling ofparsephandlewithargs, the caller is responsible to call ofnodeput to release the reference of device node. In nct7363presentpwmfanin, it does not release...
SUSE CVE-2026-43281
In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds access in fwmboxindexxlate Although it is guided that mbox-cells must be at least 1, there are many instances of mbox-cells = ; in the device tree. If that is the case and the corresponding mailbox...
CVE-2025-71300
A flaw was found in the Linux kernel, specifically within the OP-TEE Open Portable Trusted Execution Environment integration with U-Boot. The U-Boot's OP-TEE logic automatically injects a reserved-memory node into the kernel device tree. However, a manually defined OP-TEE node in zynqmp.dtsi...
CVE-2025-71299
A flaw was found in the Linux kernel's spi-cadence-quadspi driver. When processing Device Tree DT descriptions for attached flash devices, a missing or broken DT description can lead to a runtime power management PM disable in the error handling path of the probe function. This can result in...
EUVD-2025-209749
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...
CVE-2025-71299
In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...