Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/set_memory: Avoid spinlock recursion in change_page_attr(). The commit 1f9ad21c3b38 ("powerpc/mm: Implement set_memory() routines") included a spinlock call in change_page_attr() in order to safely perform the three-step operations...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support for specifying the srpt_service_guid parameter. The current behavior is that setting this parameter while loading the ib_srpt kernel module triggers a kernel crash. BUG: Kernel NULL pointer dereferencing, address:...
CVE-2026-31776
CVE-2026-31776 affects the Linux kernel via ALSA ctxfi SPDIF1 handling. The issue occurs in daio_device_index() for SPDIF1 (hw20k2) where the index is not properly handled, leading to an out-of-bounds access. Affected code path is fixed upstream by returning the correct index, mirroring the hw20k...
CVE-2026-31759
CVE-2026-31759 affects the Linux kernel USB ULPI path (usb: ulpi) where a double free could occur in ulpi_register_interface() after a failed device_register(), because the error path freed ulpi twice. The root cause is a missing delegation of cleanup to put_device() via ulpi_dev_release(), preve...
CVE-2026-31686
CVE-2026-31686 concerns the Linux kernel kasan double-free in kasan_remove_zero_shadow related to kasan_free_pxd() handling of pxd_page() vs start of the pxd table on architectures like PowerPC with 64K pages. The issue arises when the PUD table is not page-aligned, risking double-free during mem...
CVE-2026-31635 rxrpc: fix oversized RESPONSE authenticator length check
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check. rxgk_verify_response() decodes auth_len from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted, so oversized RESPONSE...
kernel: smc: Fix use-after-free in __pnet_find_base_ndev()
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of netdevice in __pnet_find_base_ndev(), which was called during connect. [0] smc_pnet_find_ism_resource() fetches sk_dst_get(sk)->dev and passes down to pnet_find_base_ndev(),...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011087)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011087 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: don't allow journal inode to have encrypt flag Mounting a filesystem whose journal inode ha...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007571)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007571 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible UAF when remounting r/o a mmp-protected file system After commit 618f003199c6...
EUVD-2026-21946
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_flow: fix NULL pointer dereference on shared blocks. flow_change() calls tcf_block_q() and dereferences q->handle to derive a default baseclass. Shared blocks leave block->q NULL, causing a NULL deref when a flow filter witho...
CVE-2026-31411 net: atm: fix crash due to unvalidated vcc pointer in sigd_send()
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send(). Reproducer available at [1]. The ATM send path (sendmsg -> vcc_sendmsg -> sigd_send) reads the vcc pointer from msg->vcc and uses it directly without any validation. This...
CVE-2026-23427 ksmbd: fix use-after-free in durable v2 replay of active file handles
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles. parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling a DURABLE_REQ_V2 context with SMB2_FLAGS_REPLAY_OPERATION...
PT-2026-30126
In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe(). In aml_spisg_probe(), ctlr is allocated by spi_alloc_target()/spi_alloc_host(), but fails to call spi_controller_put() in several error paths. This leads to a memory leak whenever th...
EUVD-2026-15396
In the Linux kernel, the following vulnerability has been resolved: af_unix: Give up GC if MSG_PEEK intervened. Igor Ushakov reported that GC purged the receive queue of an alive socket due to a race with MSG_PEEK with a nice repro. This is the exact same issue previously fixed by commit cbcf01128d0...
CVE-2026-23361
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry. Endpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X interrupt to the host using a writel(), which generates a PCI posted write transaction. There's no completio...
Siemens SIMATIC S7-1500 Missing Release of Memory after Effective Lifetime (CVE-2025-38124)
In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list. Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects them from skb_segment_list to mo...
UBUNTU-CVE-2026-23232
In the Linux kernel, the following vulnerability has been resolved: Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()". This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a. Original patch may cause below deadlock, revert it. write remount - write_begin - lock_page --- lock A -...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005694)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005694 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: lvds: fix PM usage counter unbalance in poweron. pm_runtime_get_sync() will increment pm...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005802)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005802 advisory. In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer(). In az6007_i2c_xfer(), msg is controlled by user...
CVE-2026-23207
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer check in IRQ handler. Now that all other accesses to curr_xfer are done under the lock, protect the curr_xfer NULL check in tegra_qspi_isr_thread() with the spinlock. Without this protection, the...