Linux Distros Unpatched Vulnerability : CVE-2026-53104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated pagepool even if the queue is not associated to a NAPI e.g. WED RRO queues...

EUVD-2026-38972

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated pagepool even if the queue is not associated to a NAPI e.g. WED RRO queues with WED enabled. Destroy the pagepool running mt76dmacleanup routine...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: gpio: aggregator: Protect driver attr handlers against module unload Both newdevicestore and deletedevicestore access module global resources e.g., gpioaggregatorlock. To prevent race conditions during module unloading, a...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: A use-after-free issue in getinfo has been fixed. When the ip6tablenat module is unloaded, a refcnt warning occurs due to a UAF. The call trace is as follows: WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: EDAC/igen6: Avoid segmentation faults during module unloading. The segmentation fault occurs because: During modprobe: 1. In igen6probe, igen6pvt is allocated using kzalloc. 2. In igen6registermci, mci-pvtinfo points to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed the destruction of kthread workers in polling mode. The cleanup order in polling mode irq worklist and WARNON!listempty&worker-delayedworklist. The original code called kthreadDestroyWorker before...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: fixed a double-free issue during the unloading of the amdgpu module Flexible endpoints use DIGs from available inflexible endpoints; therefore, only the encoders of inflexible links need to be freed. Otherwise...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call isoexit when unloading a module. If isoinit is called, isoexit must also be called when unloading the module. Without this, the struct proto that isoinit registered with protoregister becomes invalid, which could...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: orangefs: The issue in kmemleak in orangefspreparedebugfshelpstring has been fixed. When inserting or removing the orangefs module, the debughelpstring variable may be leaked: - Unreferenced object: 0xffff8881652ba000 size 4096 -...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Do not wait in vain when unloading the module. There is a race condition in the module exit path, where both deleting all controllers and freeing the “leftover IDs” occur simultaneously. To prevent double-freeing, a...

Astra Linux – Vulnerability in grub2

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory use-after-free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, for the dsa module, the microchip function has been updated to include a condition for scheduling the kszmibreadwork function. When the ksz module is installed or removed using the rmmod command, the kernel...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Input: i8042 – fixed the issue of leaking the platform device when the module was removed. Avoid resetting the i8042platformdevice pointer that is shared across modules in i8042probe or i8042remove. This ensures that the device c...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: ti: am65-cpsw: Fixed segmentation fault during module unloading. The call to am65cpswnussphylinkcleanup has been moved to after am65cpswnusscleanupndev, so phylink remains valid. This prevents the segmentation faul...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fixed potential crashes during module unloading. The vmbus driver relies on the panic notifier infrastructure to perform certain operations when a panic event is detected. Since vmbus can be built as a module,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: Fixed null-ptr-deref in socklockinitclassandname and rmmod. When I ran the reproduction steps and waited for a few seconds, I observed two LOCKDEP warnings: a warning immediately followed by a null-ptr-deref. 1 Reproduction...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: proc: Fixed a UAF in procgetinode. Fixed a race condition between rmmod and the instantiation of /proc/XXX’s inode. The bug is that pde-procops does not belong to /proc; it belongs to a module. Therefore, dereferencing it afte...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The rcubarrier function was called in ksmbdserverexit. The bug is triggered due to racing between closing a connection and the rmmod operation. In ksmbd, rcubarrier is not called at the time of module unloading, so nothing...

SUSE CVE-2026-46310

In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1drmcleanup where it should be calling...

CVE-2026-46310

A flaw was found in the Linux kernel's media: renesas: vsp1 component. When unloading the module on generation 4 hardware, an incorrect cleanup function is called, leading to a NULL pointer dereference. This vulnerability can be triggered by a local attacker, potentially causing a system crash an...