Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: powerpc/setmemory: Avoid spinlock recursion in changepageattr The commit 1f9ad21c3b38 “powerpc/mm: Implement setmemory routines” included a spinlock call in changepageattr in order to safely perform the three-step operations...

CVE-2026-31769

In the Linux kernel, the following vulnerability has been resolved: gpib: fix use-after-free in IO ioctl handlers The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the descriptor via...

SUSE-SU-2026:21096-1 Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

CVE-2026-23184 binder: fix UAF in binder_netlink_report()

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF in bindernetlinkreport Oneway transactions sent to frozen targets via binderproctransaction return a BRTRANSACTIONPENDINGFROZEN error but they are still treated as successful since the target is expected to thaw a...

CVE-2026-23159 perf: sched: Fix perf crash with new is_user_task() helper

In the Linux kernel, the following vulnerability has been resolved: perf: sched: Fix perf crash with new isusertask helper In order to do a user space stacktrace the current task needs to be a user task that has executed in user space. It use to be possible to test if a task is a user task or not...

PT-2026-27719

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's x86/fred component related to speculative safety within the fred extint function. The array index nospec function was not effectively utilized to...

CVE-2022-50375

CVE-2022-50375 affects the Linux kernel: the fix ensures that in lpuart_dma_shutdown the flags for lpuart_dma_tx_use and lpuart_dma_rx_use are set to false. Without this, lpuart_flush_buffer could access DMA APIs after DMA teardown, causing aborts. The patch prevents DMA access after relinquishme...

SUSE CVE-2025-39818

In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer &dev-i2csubipregs caused kernel crash and out-of-bounds error: BUG: KASAN: slab-out-of-bounds in...

CVE-2025-37938

In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. I...

CVE-2025-37782

In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: fix slab-out-of-bounds in hfsbnodereadkey Syzbot reported an issue in hfs subsystem: BUG: KASAN: slab-out-of-bounds in memcpyfrompage include/linux/highmem.h:423 inline BUG: KASAN: slab-out-of-bounds in hfsbnoderead...

CVE-2025-21823

CVE-2025-21823 relates to the Batman-adv (batman-adv) Linux kernel module. The root cause was the ELP metric worker per interface, which could sleep while iterating over neighbors under an RCU list, creating a race that could lead to invalid memory access if the worker was canceled or if interfac...

SUSE CVE-2024-57930

In the Linux kernel, the following vulnerability has been resolved: tracing: Have processstring also allow arrays In order to catch a common bug where a TRACEEVENT TPfastassign assigns an address of an allocated string to the ring buffer and then references it in TPprintk, which can be executed...

CVE-2024-46696

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix potential UAF in nfsd4cbgetattrrelease Once we drop the delegation reference, the fields embedded in it are no longer safe to access. Do that last...

CVE-2024-5724 Photo Video Gallery Master <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection

The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGMallphotosdetails' parameter. This makes it possible for authenticated attackers, with Contributor-level access and abov...