199 matches found
CVE-2026-34196
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the physical page, allowing for a read/write UAF via the...
CVE-2026-53140
A flaw was found in the Linux kernel's drm/v3d driver. This vulnerability occurs because a specific function, v3drewritecsdjobwgcountsfromindirect, does not correctly release virtual address mappings under certain conditions, specifically when workgroup counts are zero. This oversight results in ...
CVE-2026-52971
In the Linux kernel, the following vulnerability has been resolved: net: ena: PHC: Fix potential use-after-free in gettimestamp Move the phc-active check and resp pointer assignment to after acquiring the spinlock. Previously, phc-active was checked without holding the lock, and resp was cached...
CVE-2026-46325
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGESIZE The current implementation incorrectly handles memory regions MRs with page sizes different from the system PAGESIZE. The core issue is that rxesetpage is called...
CVE-2026-46325
Summary (details from sources): CVE-2026-46325 affects the Linux kernel RDMA/rxe code, where iova-to-va conversion fails when MR page_size differs from system PAGE_SIZE. The bug arises because rxe_set_page() uses mr->page_size steps while the page_list holds PAGE_SIZE pages, and ib_sg_to_page(...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect handling of the iova to va conversion when the MR page size in RDMA/rxe differs from the...
CVE-2026-46093 mm/vmalloc: take vmap_purge_lock in shrinker
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmappurgelock in shrinker decayvapoolnode can be invoked concurrently from two paths: purgevmaparealazy when pools are being purged, and the shrinker via vmapnodeshrinkscan. However, decayvapoolnode is not safe t...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fixed the use of VAS memory after freeing it. The reference count on the memory module is lowered before the coprocessor is detached...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: amdgpu: validated offsetinbo of drmamdgpugemva This issue arises due to OOB access in amdgpuvmupdaterange when offsetinbo + mapsize causes an overflow. v2: retained the validations for amdgpuvmbomap v3: added the validations t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dpaa2-eth: The virtual address is retrieved before calling dmaunmap. The TSO header was unmapped via DMA before the virtual address was retrieved, and then the buffer was freed using that address. This meant that we actually...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: PowerPC: Fixed virtaddrvalid for 64-bit Book3E & 32-bit systems. MPE: On 64-bit Book3E, the vmalloc space starts at 0x8000000000000000. Due to the way pa works, pa0x8000000000000000 returns 0. Consequently,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: The repeatcallcontrol is deallocated if damoncall fails. damoncall for managing repeatcallcontrol of DAMONSYSFS may fail if the kdamond is stopped before the damoncall. This can occur, for example, when the damon...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the virtual address and size of the userq buffer. It is necessary to validate the virtual address of the userq object to determine whether it is located in a valid vm mapping...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find the EFIMEMORYRUNTIME block for the PRM handler and context PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because PRMT is looking for a block...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1, and Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Check that bova-bo is not NULL before using it. The call to radeonvmclearfreed may clear bova-bo, so we must check this before dereferencing it...
CVE-2026-43237 drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Refactor amdgpugemvaioctl for Handling Last Fence Update and Timeline Management v4 This commit simplifies the amdgpugemvaioctl function, key updates include: - Moved the logic for managing the last update fence...
CVE-2026-43237
CVE-2026-43237 affects the Linux kernel AMDGPU driver, specifically the amdgpu_gem_va_ioctl handling of fences for VM timeline management. The issue could cause a refcount underflow and use-after-free during fence processing, potentially leading to a kernel panic and denial of service. The descri...
Linux Distros Unpatched Vulnerability : CVE-2026-43237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: Refactor amdgpugemvaioctl for Handling Last Fence Update and Timeline Management v4 This commit simplifies the amdgpugemvaioctl function, key update...
PT-2026-36400
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPU VA RESERVED TRAP SIZE to 64KB Currently, AMDGPU VA RESERVED TRAP SIZE is hardcoded to 8KB, while KFD CWSR TBA TMA SIZE is defined as 2 PAGE SIZE. On systems with 4K pages, both values match 8KB, so...
openSUSE 16 Security Update : tailscale (openSUSE-SU-2026:20192-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20192-1 advisory. Changes in tailscale: - Update to version 1.94.0: IS SET and NOT SET have been added as device posture operators India DERP Region City Name...