Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed – fixed a double-free issue caused by devm. The clock obtained via devmclkgetenabled is automatically managed by devres. It will be disabled and freed when the driver is detached. Manual calls to clkdisableunprepar...

Astra Linux – Vulnerability in Linux

A vulnerability was discovered in aspeedlpcctrlmmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before version 5.14.6. Local attackers who had access to the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileged operations, denoted as...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: serial: 8250aspeedvuart: Fixed the potential NULL dereferencing in aspeedvuartprobe. The platformgetresource function may fail and return NULL; therefore, we should better check its return value to avoid NULL pointer dereferencin...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: iio: adc: aspeed: Fixed the refcount leak in aspeedadcsettrimdata. The function offindnodebyname returns a node pointer with a refcount incremented; we should use ofnodeput on it after processing. Added the missing ofnodeput...

Linux Distros Unpatched Vulnerability : CVE-2026-45865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return val from the i2c bus driver. For...

EUVD-2026-32331

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...

UBUNTU-CVE-2026-45865

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...

CVE-2026-45865 mctp i2c: initialise event handler read bytes

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...

PT-2026-43732

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mctp-i2c device where i2c reads fail to initialize the event handler read bytes. This causes reads to return the val variable from the i2c bus driver. In the cases...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: Media: aspeed: Fix clock handling logic The Video Engine uses eclk and vclk as its clock sources. Its reset control is coupled with eclk, so the current clock enabling sequence works as follows: 1. Enable eclk. 2. De-assert the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fixed a refcount leak bug in astvhubinitdesc. We should call ofnodeput for the reference returned by ofgetchildbyname, which has increased the refcount...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: pinctrl: aspeed: Fixed a potential NULL dereferencing in aspeedpinmuxsetmux. pdesc could potentially be null, but still, dereferencing pdesc-name would lead to a NULL pointer access. Therefore, we moved a null check before the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: socinfo: Added kfree in the subsequent error handling steps to avoid memory leaks...

CVE-2026-31615

A flaw was found in the Linux kernel's renesasusb3 and aspeedudc drivers. These drivers did not properly validate endpoint index numbers provided by a host during standard USB requests, such as GETSTATUS and SET/CLEARFEATURE. This oversight could allow an attacker to provide a crafted endpoint...

ROS-20260304-73-0021

A vulnerability in the aspeedlpcenablesnoop function of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46836)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46836 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeedudc: validate endpoin...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37881)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37881 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38145)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38145 advisory. - In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add NULL check in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001432)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001432 advisory. An issue was discovered in aspeedlpcctrlmmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC...

ROS-20260113-7316

Vulnerability of astudcgetstatus function in drivers/usb/gadget/udc/aspeedudc.c module of usb gadget driver of Linux kernel is related to incorrect index calculation. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected...