Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: seg6: Fixed parameter passing when calling NFHOOK in the End.DX4 and End.DX6 behaviors. The functions inputactionenddx4 and inputactionenddx6 call NFHOOK for the PREROUTING hook. During the PREROUTING hook, a valid indev and a...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Handling of errors when calling otx2mboxgetrsp in otx2dmacflt.c has been improved. A check for an error pointer was added after calling otx2mboxgetrsp...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Fixed the BUGON in mmapPROTWRITE, MAPPRIVATE. A lack of check for copy-on-write COW mapping in drmgemshmemmmap allows users to call mmap with PROTWRITE and MAPPRIVATE flags, causing a kernel panic due to BUGON i...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fixed the use-after-free of rsvqp on HIP08. Currently, rsvqp is freed before the ibunregisterdevice function is called on HIP08. During this time interval, users can still deregister MR, and rsvqp will be used in this...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: The SoC driver needs to be probed as a platform driver. With driverasyncprobe= in the kernel command line, the following trace was produced because on the i.MX8M Plus hardware, the soc-imx8m.c driver calls clkgetbynam...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: nvme-pci: added a missing condition check for the existence of the mapped data. The function nvmemapdata is called when the request contains physical segments; therefore, the function nvmeunmapdata should also have the same...

DEBIAN-CVE-2025-21648

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INTMAX Use INTMAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is...

UBUNTU-CVE-2025-21637

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udpport: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...

CVE-2025-21652 ipvlan: Fix use-after-free in ipvlan_get_iflink().

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlangetiflink. syzbot presented an use-after-free report 0 regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is...

DEBIAN-CVE-2024-57892

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqipriv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quotagetnextquota. Specifically, sbdqinfosb,...

UBUNTU-CVE-2025-21629

In the Linux kernel, the following vulnerability has been resolved: net: reenable NETIFFIPV6CSUM offload for BIG TCP packets The blamed commit disabled hardware offoad of IPv6 packets with extension headers on devices that advertise NETIFFIPV6CSUM, based on the definition of that feature in...

CVE-2025-21630

...

CVE-2024-57894

CVE-2024-57894 is rejected/not used per the Initial Description.

CVE-2024-48881

In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing ISERRORNULL with ISERR again Commit 028ddcac477b "bcache: Remove unnecessary NULL point check in node allocations" leads a NULL pointer deference in cachesetflush. 1721 if !ISERRORNULLc-root 1722...

CVE-2024-57800 ALSA: memalloc: prefer dma_mapping_error() over explicit address checking

In the Linux kernel, the following vulnerability has been resolved: ALSA: memalloc: prefer dmamappingerror over explicit address checking With CONFIGDMAAPIDEBUG enabled, the following warning is observed: DMA-API: sndhdaintel 0000:03:00.1: device driver failed to check map errordevice...

CVE-2024-54460 Bluetooth: iso: Fix circular lock in iso_listen_bis

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in isolistenbis This fixes the circular locking dependency warning below, by releasing the socket lock before enterning isolistenbis, to avoid any potential deadlock with hdev lock. 75.307983...

CVE-2024-54191 Bluetooth: iso: Fix circular lock in iso_conn_big_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in isoconnbigsync This fixes the circular locking dependency warning below, by reworking isosockrecvmsg, to ensure that the socket lock is always released before calling a function that locks hde...

CVE-2024-41935 f2fs: fix to shrink read extent node in batches

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to shrink read extent node in batches We use rwlock to protect core structure data of extent tree during its shrink, however, if there is a huge number of extent nodes in extent tree, during shrink of extent tree, it ma...

OESA-2025-1035 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix PCI device refcount leak in dmardevscopeinit foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase...

CVE-2024-56779 nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4openowner leak when concurrent nfsd4open occur The action force umountumount -f will attempt to kill all rpctask even umount operation may ultimately fail if some files remain open. Consequently, if an action attemp...