Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mshv: Fixed a use-after-free in the mshvmapusermemory error path. In the error path of mshvmapusermemory, calling vfree directly on the region causes the MMU notifier to remain registered. When the user space later unmaps the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/rds: fixed the possible null dereference of cp The cp parameter may be null. Calling cp-cpconn would result in a null dereference. Simon Horman adds: Analysis: cp is a parameter of rdsrdmamap and is not reassigned. The...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat the remaining value being equal to 0 as an error in findandmapuserpages. Currently, if findandmapuserpages receives a DMA transfer request from the user with a length field set to 0, or in a rare case, when the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevents VMA splitting of buffer mappings. The perfmmap code is careful to map the user page using mmap along with the ringbuffer and the auxiliary buffer, when the event supports this. Once the first mapping is...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

Guests running on Arm can cause Denial of Service DoS attacks on Dom0 through PV devices. When mapping memory pages of guests on Arm, Dom0 uses an rbtree to keep track of the foreign mappings. The update of this rbtree does not always occur completely with the relevant lock held, resulting in a...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: Fixed page mapping issues when vmareaallocpages uses high-order allocation modes with an order of 0 as the default. The vmappagesrangenoflush function assumes that the pages argument contains pages with the same page...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: TCP: fixed page frag corruption upon a page fault. Steffen reported a corruption of the TCP stream for HTTP requests served by the Apache web-server, using a CIFS mount-point and the corresponding file’s memory mapping. The root...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the virtual address and size of the userq buffer. It is necessary to validate the virtual address of the userq object to determine whether it is resident in a valid vm mapping...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: crypto: qat – fix DMA transfer direction When CONFIGDMAAPIDEBUG is enabled, during the execution of the crypto self-test for QAT crypto algorithms, the function adddmaentry reports a warning indicating that overlapping mapping...

CVE-2026-10635

CVE-2026-10635 affects Zephyr v4.4.0 on Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU. The bug arises when destroying a memory domain via k_mem_domain_deinit(): the page-table code keeps a global xtensa_domain_list entry for the domain, but the node is not removed, leaving a dangling...

CVE-2026-10635 Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init

On Xtensa targets with CONFIGUSERSPACE and CONFIGXTENSAMMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensadomainlist, of active memory domains using a list node embedded inside the caller-owned struct kmemdomain. When a domain is destroyed via kmemdomaindeinit -...

EUVD-2026-37036

On Xtensa targets with CONFIGUSERSPACE and CONFIGXTENSAMMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensadomainlist, of active memory domains using a list node embedded inside the caller-owned struct kmemdomain. When a domain is destroyed via kmemdomaindeinit -...

PT-2026-49810

In OSMMapPMRGeneric of pmr os.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2026:2385-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2385-1 advisory. - CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when...

Security update for qemu

This update for qemu fixes the following issues: CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption bsc1256484. CVE-2026-2243: incorrect bounds check leads to heap...

sliff-driv-exploit

SliffDriver LPE Local privilege escalation exploit for a sign...

kernel: Linux kernel: Denial of Service in erofs filesystem

A flaw was found in the Linux kernel's erofs filesystem. A remote attacker can exploit this vulnerability without requiring any privileges. This issue occurs when insufficient memory during a memory mapping operation vmmapram in the bio completion path leads to a deadlock, causing a Denial of...

PT-2026-47783

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA/rxe component regarding incorrect iova-to-va I/O virtual address to virtual address conversion when memory regions MRs have page sizes different from the syst...

CVE-2026-46311

A flaw was found in the Linux kernel. This vulnerability, located in the drm/amdgpu/userq component, involves improper handling of memory mappings. A local attacker could potentially exploit a race condition during queue creation, where a memory object is unmapped while another is being assigned ...

EUVD-2026-35122

In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vmaflags in vb2dmasgmmap vb2dmacontig sets VMA flags VMDONTEXPAND and VMDONTDUMP and I do not see a reason why vb2dmasg should behave differently. This avoids hitting WARNON!vma-vmflags & VMDONTEXPAND; in...