Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: x86/mm/64: Defined ARCHPAGETABLESYNCMASK and archsynckernelmappings. These definitions ensure that page tables are properly synchronized when calling pdpopulatekernel. For 5-level paging, synchronization is performed via...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fsmapblocks in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace:...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: gso: It is now forbidden to perform IPv6 TSO with extensions on devices that only have IPV6CSUM available. When performing Generic Segmentation Offload GSO on an IPv6 packet that contains extension headers, the kernel...

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: afunix: Do not leave consecutive consumed OOB skb’s in the recv queue. Jann Horn reported a use-after-free in the unixstreamreadgeneric function. The following sequences reproduce the issue: $ python3 from socket import s1, s2...

CVE-2025-40086

CVE-2025-40086 affects the Linux kernel DRM XE path. An array of VM binds could evict other buffer objects (BOs) within the same VM, potentially causing NULL pointer dereferences in the bind pipeline. The fix clears the allow_res_evict flag in xe_bo_validate (and there was a follow‑up commit that...

EUVD-2025-36664

In the Linux kernel, the following vulnerability has been resolved: ksmbd: transportipc: validate payload size before reading handle handleresponse dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message fr...

CVE-2025-40085 ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in trytoregistercard In trytoregistercard, the return value of usbifnumtoif is passed directly to usbinterfaceclaimed without a NULL check, which will lead to a NULL pointer dereference...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Out-of-bounds Read (CVE-2024-50301)

In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in keytaskpermission. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Out-of-bounds Read (CVE-2024-46743)

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

UBUNTU-CVE-2025-40038

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid Skip the WRMSR and HLT fastpaths in SVM's VM-Exit handler if the next RIP isn't valid, e.g. because KVM is running with nrips=false. SVM must decode and emulate...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-26993)

In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfsbreakactiveprotection This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC Devices Improper Synchronization (CVE-2024-53042)

In the Linux kernel, the following vulnerability has been resolved: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow There are code paths from which the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning 1. Fix by using...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Out-of-bounds Write (CVE-2024-47697)

In the Linux kernel, the following vulnerability has been resolved: drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Ensure index in rtl2830pidfilter does not exceed 31 to prevent out-of-bounds access. dev-filters is a 32-bit value, so setbit and clearbit functions should...

Siemens SIMATIC Devices Incomplete Cleanup (CVE-2024-50148)

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in protounregister As bnepinit ignore bnepsockinit's return value, and bnepsockinit will cleanup all resource. Then when remove bnep module will call bnepsockcleanup to cleanup sock's...

EUVD-2022-54510

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix call trace in setuptxdescriptors After PF reset and ethtool -t there was call trace in dmesg sometimes leading to panic. When there was some time, around 5 seconds, between reset and test there were no errors. Problem w...

EUVD-2023-60002

In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although commit c2c24edb1d9c "arm64: csum: Fix pathological zero-length calls" added an early return for zero-length input, syzkaller has popped up with an...

CVE-2023-53703 HID: amd_sfh: Fix for shift-out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Fix for shift-out-of-bounds Shift operation of 'exp' and 'shift' variables exceeds the maximum number of shift values in the u32 range leading to UBSAN shift-out-of-bounds. ... 6.120512 UBSAN: shift-out-of-bounds in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987555)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987555 advisory. In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpccall struct has a timer used to...

CVE-2025-40011

CVE-2025-40011 affects the Linux kernel DRM GMA500 HDMI teardown path. The vulnerability arises from a null-dereference when the driver’s pdev->driver_data is NULLed by pci_set_drvdata and then dereferenced in oaktrail_hdmi_i2c_exit to extract the i2c_dev. The underlying issue is in the sequen...

CVE-2025-39991 wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix NULL dereference in ath11kqmim3load If ab-fw.m3data points to data, then fw pointer remains null. Further, if m3mem is not allocated, then fw is dereferenced to be passed to ath11kerr function. Replace fw-size b...