OESA-2026-2417 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved:mm/mempolicy: fix migratetonode assuming there is at least one VMA in a MMWe currently assume that there is at least one VMA in a MM, which isn ttrue.So we might...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodation for VMA splitting Prior to this commit, the gntdev driver code did not handle the following scenario correctly with paravirtualized PV Xen domains: The user process sets up a gntdev mapping consisting of...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021536)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021536 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smapsrollup: fix no vma's null-deref Commit 258f669e7e88 mm: /proc/pid/smapsrollup:...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A issue was discovered in include/asm-generic/tlb.h in the Linux kernel before version 5.19. Due to a race condition between unmapmappingrange and munmap, a device driver can free a page while it still has stale TLB entries. This only occurs in situations involving VMPFNMAP VMAs...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Tracing: The WARNON message in tracingbuffersmmapclose has been fixed for split VMA cases. When a VMA is split e.g., through partial munmap or MAPFIXED, the kernel calls vmops-close on each portion of the VMA. For trace buffer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm: fixed a UAF Use-After-Free issue when vma-mm is freed after vma-vmrefcnt has been dropped. By introducing delays in the appropriate places, Jann Horn created a scenario where a UAF issue could occur after VMs were allowed to ...

Astra Linux – Vulnerability in Linux

A issue was discovered in Linux: improper handling of VMIO|VMPFNMAP vmas in KVM can bypass RO checks and cause pages to be freed while still accessible by the VMM and guest. This allows users who have the ability to start and control a VM to read/write random pages of memory, potentially leading ...

CVE-2026-31785

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xepagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xepagefaultservice after the VMA lookup. v2: - Apply max line length...

PT-2026-34384

In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of remap prev/next During 3D workload, user is reporting hitting: 413.361679 WARNING: drivers/gpu/drm/xe/xe vm.c:1217 at vm bind ioctl ops unwind+0x1e2/0x2e0 xe, CPU7: vkd3d queue/9925 413.361944 CPU: 7...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013814)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013814 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smapsrollup: fix no vma's null-deref Commit 258f669e7e88 mm: /proc/pid/smapsrollup:...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013391)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013391 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smapsrollup: fix no vma's null-deref Commit 258f669e7e88 mm: /proc/pid/smapsrollup:...

CVE-2026-31390

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xevmmadviseioctl When checkboargsaresane validation fails, jump to the new freevmas cleanup label to properly free the allocated resources. This ensures proper cleanup in this error path. cherry picked...

CVE-2026-23416

A flaw was found in the Linux kernel. An issue in the memory management mm/mseal component, specifically during the merging of Virtual Memory Areas VMAs, could lead to incorrect updates of VMA end pointers. This could result in stale memory pointers and incorrect starting points for subsequent...

EUVD-2026-18198

In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correctly on merge Previously we stored the end of the current VMA in currend, and then upon iterating to the next VMA updated currstart to currend to advance to the next VMA. However, this doesn't take...

CVE-2026-23416

In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correctly on merge Previously we stored the end of the current VMA in currend, and then upon iterating to the next VMA updated currstart to currend to advance to the next VMA. However, this doesn't take...

CVE-2026-23416

The CVE-2026-23416 issue affects the Linux kernel (mm/mseal) where vm_area_struct end handling could become stale during VMA merges. The root cause is curr_end not staying in sync when a VMA is updated via vma_modify_flags(), leading to an incorrect curr_start on the next iteration. The fix uncon...

PT-2026-29723

In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correctly on merge Previously we stored the end of the current VMA in curr end, and then upon iterating to the next VMA updated curr start to curr end to advance to the next VMA. However, this doesn't tak...

CVE-2025-68329

The CVE-2025-68329 entry documents a Linux kernel issue in tracing: when a VMA is split, the kernel could invoke ring_buffer_unmap multiple times (due to multiple vm_ops->close calls) while ring_buffer_map was called once, causing ring_buffer_unmap to return -ENODEV and triggering a WARN_ON. T...

CVE-2025-68329 tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARNON in tracingbuffersmmapclose for split VMAs When a VMA is split e.g., by partial munmap or MAPFIXED, the kernel calls vmops-close on each portion. For trace buffer mappings, this results in ringbufferunmap being...

CVE-2025-68211

In the Linux kernel, the following vulnerability has been resolved: ksm: use range-walk function to jump over holes in scangetnextrmapitem Currently, scangetnextrmapitem walks every page address in a VMA to locate mergeable pages. This becomes highly inefficient when scanning large virtual memory...