265 matches found
CVE-2026-53311
In the Linux kernel, the following vulnerability has been resolved: fuse: fix uninit-value in fusedentryrevalidate fusedentryrevalidate may be called with a dentry that didn't had -dtime initialised. The issue was found with KMSAN, where lookupopen calls dalloc, followed by drevalidate, as shown...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: hfs: fixed the issue where fields of hfs inodeinfo were initialized after hfsallocinode Syzbot reports an issue with accessing uninitialized values as follows: loop0: detected a change in capacity from 0 to 64...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: net/9p: Fixed an issue related to uninit-value in p9clientrpc. Syzbot, with the help of KMSAN, reported the following errors: BUG: KMSAN: uninit-value in trace9pclientres, include/trace/events/9p.h:146 inline BUG: KMSAN:...
CVE-2026-46169
The CVE-2026-46169 case concerns the Linux kernel HFS Plus (HFS+) filesystem. The root cause is that hfs_brec_read() validates only that entrylength fits a buffer but does not confirm that the on-disk catalog record size matches the expected type, allowing partial reads on corrupted filesystems. ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fixed race conditions related to access to midibuf. There can be concurrent accesses to line6’s midibuf from both the URB completion callback and the rawmidi API. This could trigger KMSAN warnings triggered by...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Mark the bpf prog stack with kmsanunpoisonmemory in interpreter mode. syzbot reported uninitialized memory usage during maplookup,deleteelem. ========== BUG: KMSAN: uninitvalue in devmaplookupelem kernel/bpf/devmap.c:441...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: virtio/vsock: Fixed an uninit-value issue in virtiotransportrecvpkt KMSAN reported the following uninit-value access issues: ===================================================== BUG: KMSAN: uninit-value in...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: ath9khtc: fixed uninitialized values issues Syzbot reported 2 KMSAN bugs in ath9k. All of these bugs are caused by missing field initialization. In htcconnectservice, svcmetalen and pad are not initialized. Based on the code, ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: llc: Support for ETHPTR8022 has been removed. The syzbot reported a bug related to uninit-values. 0 llc previously supported ETHP8022 0x0004 and also ETHPTR8022 0x0011. The syzbot exploited this to trigger the bug. The code us...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: fix error handling of usbnet read calls Syzkaller, with the help of syzbot, identified an error in the aqc111 driver. This error was caused by incomplete sanitization of the results of usbnet read calls. This...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: Fixed an uninitialized value in ocfs2filereaditer. Syzbot has reported the following KMSAN errors: BUG: KMSAN: Uninitialized value in ocfs2filereaditer+0x9a4/0xf80; ocfs2filereaditer+0x9a4/0xf80; ioread+0x8d4/0x20f0;...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netlink: added nla be16/32 types to the minlen array BUGs: KMSAN: uninit-value in nlavalidaterangeunsigned, lib/nlattr.c:222 inline BUGs: KMSAN: uninit-value in nlavalidateintrange, lib/nlattr.c:336 inline BUGs: KMSAN:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ethtool: Fixed an issue where the uninitialized number of lanes was used. It is not possible to set the number of lanes when adjusting link modes using the legacy IOCTL ethtool interface. Since the structure struct...
CVE-2026-43139
The CVE-2026-43139 entry concerns the Linux kernel xfrm6 subsystem. The issue arises in xfrm6_get_saddr() which does not check the return value of ipv6_dev_get_saddr(); when ipv6_dev_get_saddr() fails with -EADDRNOTAVAIL, saddr->in6 remains uninitialized and xfrm6_get_saddr() incorrectly retur...
CVE-2026-43036 net: use skb_header_pointer() for TCPv4 GSO frag_off check
In the Linux kernel, the following vulnerability has been resolved: net: use skbheaderpointer for TCPv4 GSO fragoff check Syzbot reported a KMSAN uninit-value warning in gsofeaturescheck called from netifskbfeatures 1. gsofeaturescheck reads iph-fragoff to decide whether to clear mangleidfeatures...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013764)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013764 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: idmouse: fix an uninit-value in idmouseopen In idmousecreateimage, if any ftipcommand fails,...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012995)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012995 advisory. In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplusdeletecat The syzbot reported issue in...
SUSE CVE-2025-68751
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpuvstl A false-positive kmsan report is detected when running ping command. An inline assembly instruction 'vstl' can write varied amount of bytes depending on value of 'index'...
CVE-2025-68751
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpuvstl A false-positive kmsan report is detected when running ping command. An inline assembly instruction 'vstl' can write varied amount of bytes depending on value of 'index'...
CVE-2025-68751
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpuvstl A false-positive kmsan report is detected when running ping command. An inline assembly instruction 'vstl' can write varied amount of bytes depending on value of 'index'...