Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevents potential Spectre v1 exploits. It seems that cmd could be a Spectre v1 exploit, as it is provided by a user and used as an array index. This vulnerability prevents the contents of kernel memory from being leake...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint The arrayindexnospec function is useless if the result is spilled to the stack, as it makes the supposedly safe-under-speculation value subject to memory predictions. For all...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The issue of protecting the fetch of -fdfd in dodup2 from mispredictions has been addressed. Both callers have ensured that fd is not greater than -maxfds; however, a misprediction might lead to the speculative execution of tofre...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Prevent Spectre v1 gadget construction in sysrtas. Smatch warns: arch/powerpc/kernel/rtas.c:1932 dosysrtas warning: potential Spectre issue with ‘args args’ r local limit The ‘nargs’ and ‘nret’ locals originate from...

UBUNTU-CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

CVE-2026-46037

The CVE-2026-46037 issue affects the Linux kernel IPv4 ICMP component. Extended echo replies could use ICMP_EXT_ECHOREPLY outside the icmp_pointers[] range; the fix avoids icmp_pointers[] lookups for out-of-range types and uses array_index_nospec() for in-range lookups. Multiple OS feeds report p...

CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/xe: Added a bounds check on patindex to prevent out-of-bounds kernel reads in madvise. When the user provides a bogus patindex value through the madvise IOCTL, the xepatindexgetcohmode function performs an array access...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: gpio: Preventing potential speculation leaks in gpiodevicegetdesc The userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do this by calling gpioioctl with an offset that is out of...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential Spectre v1 gadget It seems that nr might be a Spectre v1 gadget, as it is provided by a user and used as an array index. This issue prevents the contents of kernel memory from being leaked to user...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: netlink: prevents potential Spectre v1 exploits Most netlink attributes are parsed and validated via nlavalidateparse or validatenla. c u16 type = nlatypenla; if type == 0 || type maxtype / Report an error or proceed with...

SUSE CVE-2026-43280

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add bounds check on patindex to prevent OOB kernel read in madvise When user provides a bogus patindex value through the madvise IOCTL, the xepatindexgetcohmode function performs an array access without validating bounds...

CVE-2026-31781

In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...

CVE-2026-31781

CVE-2026-31781 concerns the Linux kernel drm/ioc32 compat ioctl path, where a user-controlled pointer was used to index a table of function pointers (spectre-like pattern). The issue is mitigated by applying array_index_nospec on the index to the function-pointer list, as described in the fix. Co...

CVE-2026-31781 drm/ioc32: stop speculation on the drm_compat_ioctl path

In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...

EUVD-2026-26594

In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...

CVE-2026-31483

In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre boundary for syscall dispatch table The s390 syscall number is directly controlled by userspace, but does not have an arrayindexnospec boundary to prevent access past the syscall function pointer tables...

CVE-2026-31483

CVE-2026-31483 affects the s390 architecture in the Linux kernel. The root cause is a missing array_index_nospec() boundary in the syscall dispatch table, allowing a user-controlled syscall number to exceed the function pointer table and potentially read kernel memory via speculative execution (S...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006920)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006920 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006742)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006742 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are...