Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: powerpc/setmemory: Avoid spinlock recursion in changepageattr The commit 1f9ad21c3b38 “powerpc/mm: Implement setmemory routines” included a spinlock call in changepageattr in order to safely perform the three-step operations...

UBUNTU-CVE-2026-46309

In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...

CVE-2026-46309 drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise

In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient PAT index verification in the madvice function within the drm xe uapi layer. This...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006776)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006776 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VMPAT handling in COW mappings PAT handling won't do the right thing in COW...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an improperly set BPF trampoline page attribute, which could result in a page fault...

x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()

...

CVE-2022-2090

The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting...

CVE-2021-24880

The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

kernel: x86/mm/pat: fix VM_PAT handling in COW mappings

CVE-2024-35877 pertains to a flaw in the Linux kernel's handling of Page Attribute Table PAT settings during Copy-On-Write COW operations. When a write operation triggers a COW event, the kernel may replace the original page table entries PTEs with anonymous folios. This replacement disrupts the...

DEBIAN-CVE-2025-22090

In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: Fix VMPAT handling when fork fails in copypagerange If trackpfncopy fails, we already added the dst VMA to the maple tree. As fork fails, we'll cleanup the maple tree, and stumble over the dst VMA for which we neither...

CVE-2025-2972

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-2972

...

CVE-2025-2972

The CVE-2025-2972 entry is marked with a CNA-rejected note in the Initial document, but connected records describe a ConcreteCMS-specific XSS issue: manipulation of the Title argument in the Page Attribute Display Block Handler can lead to cross-site scripting, affecting ConcreteCMS up to version...

CVE-2025-2972 ConcreteCMS Page Attribute Display Block cross site scripting

A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. Affected by this issue is some unknown functionality of the component Page Attribute Display Block Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...

CVE-2021-47632

In the Linux kernel, the following vulnerability has been resolved: powerpc/setmemory: Avoid spinlock recursion in changepageattr Commit 1f9ad21c3b38 "powerpc/mm: Implement setmemory routines" included a spinlock to changepageattr in order to safely perform the three step operations. But then...

DEBIAN-CVE-2021-47632

In the Linux kernel, the following vulnerability has been resolved: powerpc/setmemory: Avoid spinlock recursion in changepageattr Commit 1f9ad21c3b38 "powerpc/mm: Implement setmemory routines" included a spinlock to changepageattr in order to safely perform the three step operations. But then...

CVE-2021-47632

In the Linux kernel, the following vulnerability has been resolved: powerpc/setmemory: Avoid spinlock recursion in changepageattr Commit 1f9ad21c3b38 "powerpc/mm: Implement setmemory routines" included a spinlock to changepageattr in order to safely perform the three step operations. But then...

UBUNTU-CVE-2021-47632

In the Linux kernel, the following vulnerability has been resolved: powerpc/setmemory: Avoid spinlock recursion in changepageattr Commit 1f9ad21c3b38 "powerpc/mm: Implement setmemory routines" included a spinlock to changepageattr in order to safely perform the three step operations. But then...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from spin-lock recursion in the changepageattr function...