PT-2026-37064

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A TX deadlock occurs when using DMA in the 8250 serial driver. The dmaengine terminate async function does not guarantee the execution of the dma tx complete callback, which is the only...

Linux Distros Unpatched Vulnerability : CVE-2026-43061

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - serial: 8250: Fix TX deadlock when using DMA dmaengineterminateasync does not guarantee that the dmatxcomplete callback will run. The callback is currently the...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port-pm on port-specific driver unbind When we unbind a serial port via a hardware-specific 8250 driver, the generic serial8250 driver takes over control of the port. After that, an oops occurs approximately ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchors the urb in the read bulk callback. When submitting an urb, that is using the anchor pattern, it needs to be anchored before submission. Otherwise, it could be leaked if the usbkillanchoredurbs...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fixed hardware lockup upon the first Rx endpoint request There is a possibility that the callback of a request could be invoked from usbepqueue as shown in the call trace below, with missing calls included: c...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb:typec:ucsi: Do not attempt to resume ports before they exist. This fix addresses a null pointer dereference issue that occurred when the driver attempted to resume ports that were not yet registered...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: phy: usb: sunplus: Fix for a potential null-ptr-dereference in spusb PhyProbe. spusb PhyProbe will call platformgetresourcebyname, which may fail and return NULL. devmioremap will use usbphy-moon4resmem-start as an input, which m...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: Fixed a memory leak that occurred due to a failure in usbsubmiturb. In asyncsetregisters, when usbsubmiturb fails, the allocated asyncreq structure and URB are not freed, resulting in a memory leak. The...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: fmidi: fmidicomplete calling queuework When using USB MIDI, a lock attempt is made twice through a reentrant call to fmiditransmit, resulting in a deadlock. The issue is fixed by using queuework to schedule the inner...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: usb: gadget: ffs: The function ffsdataclear is called twice. This is because it is indirectly called from both ffsfskillsb and ffsep0release. As a result, it is called twice when the userland process closes ep0 and then unmoun...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: serial: qcom-geni: Fix blocked task The changes made in commit 1afa70632c39 “serial: qcom-geni: Enable PM runtime for serial driver” and its dependent commit 86fa39dd6fb7 “serial: qcom-geni: Enable Serial on SA8255p Qualcomm...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: delluartbacklight: Fixed the race condition involving serdev. The delluartblserdevprobe function calls devmserdevdeviceopen before setting the client ops using serdevdevicesetclientops. This ordering can lead to a...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the drivers/video/fbdev/smscufx.c file within the Linux kernel, up to version 5.19.12, there is a race condition that can lead to a use-after-free if a physically nearby attacker removes a USB device while the open function is called. This issue is essentially a race condition between ufxopsop...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: serial/pmaczilog: The flawed mitigation for rx irq flood has been removed. The mitigation was intended to completely stop the irq. This might be better than a hard lock-up, but it turns out that a crash still occurs if pmaczilog ...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as a RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver’s TXEN pin. When the TTY port is closed mid-transmission e.g....

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fixed a bug in the pipe direction for control transfers. The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: The BOGUS control direction, pipe 80001e80, does not match bRequestType 0. WARNING: CPU: ...

Astra Linux – Vulnerability in Linux, Linux 5.10

In lgprobe and related functions of hid-lg.c and other USB HID files, there is a possible out-of-bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device is connected, without the need for additional execution privileges. User...

Astra Linux – Vulnerability in Chromium

The use of “after free” in USB in Google Chrome before version 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fixed NULL pointer access issues. This patch ensures that the UCSI driver waits for all pending tasks in the ucsidisplayportwork workqueue to complete execution before proceeding with the partner...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: PCI: Fixed a use-after-free of slot-bus during hot removal. Dennis reported a boot crash on recent Lenovo laptops with a USB4 dock. Since the commit 0fc70886569c "thunderbolt: Reset USB4 v2 host router" and the commit...