EUVD-2026-35870

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: block: Do not revert the iterator for -EIOCBQUEUED. The blkdevreaditer function includes some unusual checks. For example, it gates the position and count adjustment based on whether the result is greater than or equal to zero...

CVE-2022-50488

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq-bic' Our test report a uaf for 'bfqq-bic' in 5.10: ================================================================== BUG: KASAN: use-after-free in bfqselectqueue+0x378/0xa30 CPU: 6 PID:...

PT-2025-29022

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to block I/O operations. Specifically, using submit bio noacct nocheck in blk zone wplug bio work duplicates work and can lead to deadlocks wh...

DEBIAN-CVE-2022-49411

In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgroup that was already offlined. This may then cause insertion of this bfqgroup into a service tree. But...

UBUNTU-CVE-2022-49176

In the Linux kernel, the following vulnerability has been resolved: bfq: fix use-after-free in bfqdispatchrequest KASAN reports a use-after-free report when doing normal scsi-mq test 69832.239032 ================================================================== 69832.241810 BUG: KASAN:...

SUSE CVE-2024-53166

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfqlimitdepth Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd-lock, however bfqlimitdepth is deferencing bfqq from bic without the lock, this can lead to UAF if t...

DEBIAN-CVE-2024-47736

In the Linux kernel, the following vulnerability has been resolved: erofs: handle overlapped pclusters out of crafted images properly syzbot reported a task hang issue due to a deadlock case where it is waiting for the folio lock of a cached folio that will be used for cache I/Os. After looking...

CVE-2024-47706 block, bfq: fix possible UAF for bfqq->bic with merge chain

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq-bic with merge chain 1 initial state, three tasks: Process 1 Process 2 Process 3 BIC1 BIC2 BIC3 | Λ | Λ | Λ | | | | | | V | V | V | bfqq1 bfqq2 bfqq3 process ref: 1 1 1 2 bfqq1 merged to bfqq...

DEBIAN-CVE-2024-41067

In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: handle RST lookup error correctly BUG When running btrfs/060 with forced RST feature, it would crash the following ASSERT inside scrubreadendio: ASSERTsectornr nrsectors; Before that, we would have tree dump from...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that when an inter-area buffer is marked EXTENTBUFFERZONEDZEROOUT, Btrfs clears the contents of the...

Unbreakable Enterprise kernel security update

5.4.17-2136.315.5 - Revert 'xfs: Lower CIL flush limit for large logs' Sherry Yang Orabug: 34917369 - Revert 'xfs: Throttle commits on delayed background CIL push' Sherry Yang Orabug: 34917369 - Revert 'xfs: fix use-after-free on CIL context on shutdown' Sherry Yang Orabug: 34917369...

kernel: blk-throttle: Set BIO_THROTTLED when bio has been throttled

In the Linux kernel, the following vulnerability has been resolved: blk-throttle: Set BIOTHROTTLED when bio has been throttled 1.In current process, all bio will set the BIOTHROTTLED flag after blkthrotlbio. 2.If bio needs to be throttled, it will start the timer and stop submit bio directly. Bio...

kernel security and bug fix update

4.18.0-240.8.13.OL8 - Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x64...

USN-4345-1: Linux kernel vulnerabilities | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial...

USN-4342-1: Linux kernel vulnerabilities

Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2020-11884 It was discovered that t...

USN-4346-1: Linux kernel vulnerabilities

It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service system crash. CVE-2019-16233 It was discovered that the Intel Wi-Fi driver in t...

USN-4346-1 linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service system crash. CVE-2019-16233 It was discovered that the Intel Wi-Fi driver in t...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4342-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4342-1 advisory. Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4344-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4344-1 advisory. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly u...