487 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53329
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/display: Use kreallocarray in dalvectorreserve Why & How dalvectorreserve computes the allocation size as capacity vector-structsize using uint32t...
CVE-2026-53329
A flaw was found in the Linux kernel's drm/amd/display component. The dalvectorreserve function calculates memory allocation size using 32-bit arithmetic, which can lead to an integer overflow. This overflow causes a smaller memory buffer to be allocated than intended, resulting in a heap overflo...
CVE-2026-53329
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use kreallocarray in dalvectorreserve Why & How dalvectorreserve computes the allocation size as "capacity vector-structsize" using uint32t arithmetic, which can silently wrap to a small value on overflow. This...
CVE-2026-53329
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use kreallocarray in dalvectorreserve Why & How dalvectorreserve computes the allocation size as "capacity vector-structsize" using uint32t arithmetic, which can silently wrap to a small value on overflow. This...
EUVD-2026-40963
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use kreallocarray in dalvectorreserve Why & How dalvectorreserve computes the allocation size as "capacity vector-structsize" using uint32t arithmetic, which can silently wrap to a small value on overflow. This...
CVE-2026-53329
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use kreallocarray in dalvectorreserve Why & How dalvectorreserve computes the allocation size as "capacity vector-structsize" using uint32t arithmetic, which can silently wrap to a small value on overflow. This...
CVE-2026-53329
The CVE affects the Linux kernel’s drm/amd/display path, specifically dal_vector_reserve(). The allocation size is computed as capacity * vector->struct_size using uint32_t arithmetic, which can overflow and yield a smaller buffer, causing heap overflows on subsequent vector appends. The fix r...
CVE-2026-53154
CVE-2026-53154 concerns the Linux kernel mm/hugetlb subsystem. The fix restores the per-VMA hugetlb reservation on error during hugetlb folio copy paths (specifically after alloc_hugetlb_folio() and before folio_put()), preventing leaked reservations that could cause a subsequent fault to encount...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: llc: Makes llcuisendmsg more robust against changes related to bonding. syzbot was able to exploit llcuisendmsg, allocating a skb without sufficient headroom, and then attempting to append 14 bytes of Ethernet header information...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: atl1c: Workaround for the DMA RX overflow issue. This work is based on the alx driver commit 881d0327db37 “net: alx: Workaround for the DMA RX overflow issue”. The alx and atl1c drivers both had RX overflow errors; therefore, ...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: Fixed an error in counting reservedcblocks when there is no space available. When a file requires only one directnode, performing the following operations will result in the file being unrecoverable: bash unisoc...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bcache: Avoid a “journal no-space deadlock” by reserving 1 journal bucket. The “journal no-space deadlock” has been reported from time to time. Such a deadlock can occur in the following situations: When all journal buckets are...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: riscv: fixed the reserved memory setup Currently, RISC-V sets up reserved memory using the “early” copy of the device tree. As a result, when trying to access a reserved memory region using ofreservedmemlookup, the pointer to the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Holding the reservation lock around madvise Acquiring and releasing the GEM object’s reservation lock during calls to the object’s madvide operation. The tests use drmgemshmemmadviselocked, which caused errors...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: EFI: Fixed a potential NULL dereference in efememreservepersistent. When iterating over a linked list, the result of memremap is dereferenced without checking if it is NULL. This patch adds a check that falls back to allocating a...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed the issue where the qgroup reserve overflows the qgroup limit. We use extentchangeset-byteschanged in qgroupreservedata to record how many bytes are set for the EXTENTQGROUPRESERVED state. Currently, byteschanged is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: EFI: Fix for reserving unaccepted memory tables The reserveunaccepted function incorrectly calculates the size of the memblock reserved for unaccepted memory tables. It aligns the size of the table, but fails to take into account...
CVE-2026-45851
In the Linux kernel, the following vulnerability has been resolved: efi: Fix reservation of unaccepted memory table The reserveunaccepted function incorrectly calculates the size of the memblock reservation for the unaccepted memory table. It aligns the size of the table, but fails to account for...
ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
...
CVE-2026-43501 ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...