136 matches found
CVE-2026-53153
A flaw was found in the Linux kernel's memory cgroup memcg listlru component. A race condition occurs during the reparenting of listlru entries when an xarray entry is cleared before its associated lists are fully reparented. This allows concurrent operations to modify list pointers under differe...
EUVD-2026-39253
In the Linux kernel, the following vulnerability has been resolved: memcg: use round-robin victim selection in refillstock Harry Yoo reported that getrandomu32below is not safe to call in the nmi context and memcg charge draining can happen in nmi context. More specifically getrandomu32below is...
CVE-2026-53162 memcg: use round-robin victim selection in refill_stock
In the Linux kernel, the following vulnerability has been resolved: memcg: use round-robin victim selection in refillstock Harry Yoo reported that getrandomu32below is not safe to call in the nmi context and memcg charge draining can happen in nmi context. More specifically getrandomu32below is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm/slub: A check for s-flags was added in the alloctaggingslabfree hook function. When CONFIGMEMCG, CONFIGKFENCE, and CONFIGKMEMLEAK are enabled, the following warning always occurs. This is because the following call stack...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: mm: kmem: fixed a NULL pointer dereference in objstockflushrequired KCSAN identified an issue in objstockFlushRequired: stock-cachedobjcg can be reset between the check and dereference...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: memcontrol: Ensure that the memcg acquired by the id is properly set up. In the eviction recency check, we attempt to retrieve the memcg to which the folio belonged when it was evicted, by using the memcg id stored in the shadow...
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect memcgpath kfree with damonsysfslock Patch series "mm/damon/sysfs-schemes: fix use-after-free for memcgpath". Reads of 'memcgpath' and 'path' files in DAMON sysfs interface could race with their...
CVE-2026-46067
mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp...
Linux Distros Unpatched Vulnerability : CVE-2026-43287
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm: Account property blob allocations to memcg DRMIOCTLMODECREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory...
From Storage to Steering: Memory Control Flow Attacks on LLM Agents
Modern agentic systems allow Large Language Model LLM agents to tackle complex tasks through extensive tool usage, forming structured control flows of tool selection and execution. Existing security analyses often treat these control flows as ephemeral, one-off sessions, overlooking the persisten...
Secure In-Memory Execution with W^X Enforcement Using mprotect
This C program demonstrates how to dynamically control memory allocation with the W^X protection principle...
CVE-2026-23219
In the Linux kernel, the following vulnerability has been resolved: mm/slab: Add alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be noticed: 3959.023862 ------------ cut here ------------ 3959.023891 alloctag was not clear...
CVE-2026-23219
In the Linux kernel, the following vulnerability has been resolved: mm/slab: Add alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be noticed: 3959.023862 ------------ cut here ------------ 3959.023891 alloctag was not clear...
CVE-2026-23219 mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single
In the Linux kernel, the following vulnerability has been resolved: mm/slab: Add alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be noticed: 3959.023862 ------------ cut here ------------ 3959.023891 alloctag was not clear...
CVE-2026-23219
CVE-2026-23219 concerns the Linux kernel (mm/slab) where alloc_tagging_slab_free_hook was not invoked in memcg_alloc_abort_single, causing a spurious warning: “alloc_tag was not cleared …” when CONFIG_MEM_ALLOC_PROFILING_DEBUG is enabled. The issue arises because the existing __memcg_slab_post_al...
PT-2026-20431
In the Linux kernel, the following vulnerability has been resolved: mm/slab: Add alloc tagging slab free hook for memcg alloc abort single When CONFIG MEM ALLOC PROFILING DEBUG is enabled, the following warning may be noticed: 3959.023862 ------------ cut here ------------ 3959.023891 alloc tag w...
PT-2026-5507
In the Linux kernel, the following vulnerability has been resolved: rust binder: remove spin lock in rust shrink free page When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/list lru: split the lock to per-cgroup scope" into account, and apparently I did not end...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Ensure that memcg is instructed to use allowspinning=false in bpftimerinit. Currently, calling bpfmapkmallocnode from bpfasyncinit can cause various locking issues; see the following stack trace edited for style as an...
CVE-2025-13945 Improperly Controlled Sequential Memory Allocation in Wireshark
HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service...
Siemens SCALANCE and RUGGEDCOM Devices Integer Overflow or Wraparound (CVE-2024-53161)
EDAC/bluefield: potential integer overflow The 64-bit argument for the get DIMM info SMC call consists of memctrlidx left-shifted 16 bits and OR-ed with DIMM index. With memctrlidx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation o...