189 matches found
EUVD-2026-32331
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...
UBUNTU-CVE-2026-45865
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...
CVE-2026-45865 mctp i2c: initialise event handler read bytes
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...
PT-2026-43732
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed – fixed a double-free issue caused by devm. The clock obtained through devmclkgetenabled is automatically managed by devres. It will be disabled and freed when the driver is detached. Manual calls to...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeedudc: validate endpoint index for ast udc We should verify the binding of the array to ensure that the host cannot manipulate the index to point beyond the endpoint array. This issue was identified through a...
Astra Linux - уязвимость в linux
A vulnerability was discovered in aspeedlpcctrlmmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before version 5.14.6. Local attackers who had access to the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileged operations, denoted as...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: serial: 8250aspeedvuart: Fixed the potential NULL dereferencing in aspeedvuartprobe. The platformgetresource function may fail and return NULL; therefore, we should better check its return value to avoid NULL pointer dereferencin...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: iio: adc: aspeed: Fixed a refcount leak in aspeedadcsettrimdata. The function offindnodebyname returns a node pointer with a refcount incremented. We should use ofnodeput on it after processing. Add the necessary ofnodeput cal...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add a NULL check in aspeedlpcenablesnoop. devmkasprintf returns NULL when memory allocation fails. Currently, aspeedlpcenablesnoop does not check for this case, which results in a NULL pointer being dereferenced. Add...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Media: aspeed – Fixed memory overwriting issues when the resolution is 1600x900. When displaying at a resolution of 1600x900, the system may crash if the system’s memory usage is tight. The way to reproduce this issue is as...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: pinctrl: aspeed: Fix potential NULL dereference in aspeedpinmuxsetmux pdesc could be null but still dereference pdesc-name and it will lead to a null pointer access. So we move a null check before dereference...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Added a NULL pointer check in astvhubinitdev. The variable d-name, returned by devmkasprintf, could potentially be NULL. A pointer check has been added to prevent potential NULL pointer dereferencing. This is...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fixed a reference count leak issue in astvhubinitdesc. We should call ofnodeput for the reference returned by ofgetchildbyname, which has increased the reference count...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: echo 1e789080.lpc-snoop /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... 120.363594 Unable to handle kernel NULL pointer...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: socinfo: Add kfree for kstrdup Add kfree in the later error handling in order to avoid memory leak...
Astra Linux - уязвимость в linux
In the Linux kernel, the following vulnerability has been resolved: media: aspeed: fix clock handling logic Video engine uses eclk and vclk for its clock sources and its reset control is coupled with eclk so the current clock enabling sequence works like below. Enable eclk De-assert Video Engine...
CVE-2026-31615
A flaw was found in the Linux kernel's renesasusb3 and aspeedudc drivers. These drivers did not properly validate endpoint index numbers provided by a host during standard USB requests, such as GETSTATUS and SET/CLEARFEATURE. This oversight could allow an attacker to provide a crafted endpoint...
ROS-20260304-73-0021
A vulnerability in the aspeedlpcenablesnoop function of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38145)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38145 advisory. - In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add NULL check in...