194 matches found
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: Initializing the event handler for read bytes A value of 0xff was set for I2C reads of the mctp-i2c device. Otherwise, reads will return “val” from the I2C bus driver. For I2c-aspeed and i2c-npcm7xx, this represents an...
Linux Distros Unpatched Vulnerability : CVE-2026-45865
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return val from the i2c bus driver. For...
EUVD-2026-32331
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...
UBUNTU-CVE-2026-45865
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...
CVE-2026-45865 mctp i2c: initialise event handler read bytes
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...
PT-2026-43732
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mctp-i2c device where i2c reads fail to initialize the event handler read bytes. This causes reads to return the val variable from the i2c bus driver. In the cases...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: The bug involving a refcount leak in astvhubinitdesc has been fixed. We should call ofnodeput for the reference returned by ofgetchildbyname, as this increased the refcount...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: Media: aspeed – Fix the clock handling logic The Video Engine uses eclk and vclk as its clock sources. Its reset control is coupled with eclk, so the current clock enabling sequence works as follows: 1. Enable eclk. 2. De-assert...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: iio: adc: aspeed: Fixed the refcount leak in aspeedadcsettrimdata. The function offindnodebyname returns a node pointer with a refcount incremented; we should use ofnodeput on it after processing. Added the missing ofnodeput...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: socinfo: Added kfree call for kstrdup. Added kfree in the subsequent error handling to avoid memory leaks...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: serial: 8250aspeedvuart: Fixed the potential NULL dereferencing in aspeedvuartprobe. The platformgetresource function may fail and return NULL; therefore, we should better check its return value to avoid NULL pointer dereferencin...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: pinctrl: aspeed: Fixed a potential NULL dereferencing in aspeedpinmuxsetmux. pdesc could potentially be null, but still, dereferencing pdesc-name would lead to a NULL pointer access. Therefore, we moved a null check before the...
Astra Linux – Vulnerability in Linux
A vulnerability was discovered in aspeedlpcctrlmmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before version 5.14.6. Local attackers who had access to the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileged operations, denoted as...
CVE-2026-31615
A flaw was found in the Linux kernel's renesasusb3 and aspeedudc drivers. These drivers did not properly validate endpoint index numbers provided by a host during standard USB requests, such as GETSTATUS and SET/CLEARFEATURE. This oversight could allow an attacker to provide a crafted endpoint...
ROS-20260304-73-0021
A vulnerability in the aspeedlpcenablesnoop function of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: soc: aspeed: lpc-snoop: Do not disable channels that are not enabled. The following issues have been mitigated: echo 1e789080.lpc-snoop /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... 120.363594 Unable to handle a NULL...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add a NULL check in aspeedlpcenablesnoop. devmkasprintf returns NULL when memory allocation fails. Currently, aspeedlpcenablesnoop does not check for this case, resulting in a NULL pointer being dereferenced. Add a...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: A NULL pointer check was added in astvhubinitdev. The variable d-name, returned by devmkasprintf, could potentially be NULL. A pointer check was added to prevent potential NULL pointer dereferencing. This is...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46836)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46836 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeedudc: validate endpoin...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37881)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37881 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer...