EUVD-2026-39838

In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extensionlist reading with sblock in f2fssbishow In f2fssbishow, the extensionlist, extensioncount and hotextcount are read without holding sbi-sblock. If a concurrent sysfs store modifies the extension list via...

CVE-2026-53303

CVE-2026-53303 — In the Linux kernel's f2fs subsystem, f2fs_sbi_show() reads extension_list, extension_count, and hot_ext_count without holding sbi->sb_lock. A concurrent sysfs store in f2fs_update_extension_list() could cause inconsistent counts or contents, risking out-of-bounds access or di...

EUVD-2026-38993

In the Linux kernel, the following vulnerability has been resolved: md: fix arraystate=clear sysfs deadlock When "clear" is written to arraystate, mdattrstore breaks sysfs active protection so the array can delete itself from its own sysfs store method. However, mdattrstore currently drops the...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that might sleep while in atomic context CVE-2022-50472 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Revert “usb: typec: ucsi: add a common function ucsiunregisterconnectors”. The recent commit 87d0e2f41b8c “usb: typec: ucsi: add a common function ucsiunregisterconnectors” introduced a regression that caused NULL dereferencing...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix a possible memory leak in iiosysfsTrigInit The devsetname function allocates memory for the device name. This memory needs to be freed when deviceadd fails. After calling putdevice, the reference held by...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure that info-enable callback is always set. The ioctl and sysfs handlers call the -enable callback unconditionally. Not all drivers implement this callback, resulting in NULL dereferencing. Examples of affected drivers:...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cpufreq: The completion function is called before kobjectinitandadd. In cpufreqpolicyalloc, the uninitialized completion function is called in cpufreqsysfsrelease when kobjectinitandadd fails. This will cause a crash, such as a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: block: fixed a memory leak in diskregisterindependentaccessranges. The kobjectinitandadd function takes a reference even when it fails. According to the documentation for kobjectinitandadd: If this function returns an error,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/xe/vf: Do not expose sysfs attributes that are not applicable to VFs. VFs cannot read the BMGPCIECAP0x138340 register, nor can they access the PCODE which is already guarded by the info.skippcode flag. Therefore, we should...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed a kernel warning during topology setup This patch fixes the following kernel warning that occurred during driver loading by correctly initializing the p2plink attr before creating the sysfs file: +0.002865...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: uacce: fixed the isolate/sysfs check condition. uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will now create sysfs...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irqwork has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irqworkrunli...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts-nr in repeatcallfn damonsysfsrepeatcallfn calls damonsysfsupdtunedintervals, damonsysfsupdschemesstats, and damonsysfsupdschemeseffectivequotas without checking contexts-nr. If nrcontexts is set to ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dellrbu – Fix for the use of the list parameter in listforeachentry. It is necessary to pass the correct list head to the listforeachentry function when looping through the packet list. Without this patch, reading t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: brdfiamac – Check for the probe id argument being NULL The probe id argument may be NULL in two scenarios: 1. When brdfiamacpciepmleaveD3 calls brdfiamacpcieprobe to reprobe the device. 2. When a user attempts to manually...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/core: Ensure that “ibport” is valid when accessing the sysfs node. The “ibport” structure must be set before adding the sysfs kobject, and reset after removing it. Otherwise, the system may crash when accessing the sysfs...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: spi: Fix for statistics allocation. The controller per-cpu statistics is not allocated until after the controller has been registered with the driver core. This creates a window during which accessing the sysfs attributes may lea...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: hwmon: coretemp Simplified platform device handling Coretemp’s platform driver is unconventional. All the actual processing is performed globally by the initcall and CPU hotplug notifiers. The “driver” essentially just wraps t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Thermal: Core – The putdevice function should only be called after deviceregister fails. putdevice should not be called before a previous call to deviceregister. thermalcoolingdeviceregister does not follow this principle...