Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: PCI: Fixed a use-after-free in pcibusreleasedomainnr. The commit c14f7ccc9f5d “PCI: Assign PCI domain IDs using idaalloc” introduced a use-after-free bug during the bus removal process. This issue was discovered with kfence:...

PT-2026-34973

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the bnge driver where the error path fails to return after calling the auxiliary device uninit function. When auxiliary device add fails, the system calls auxiliary...

EUVD-2025-32844

In the Linux kernel, the following vulnerability has been resolved: mcb: mcb-parse: fix error handing in chameleonparsegdd If mcbdeviceregister returns error in chameleonparsegdd, the refcount of bus and device name are leaked. Fix this by calling putdevice to give up the reference, so they can b...

SUSE CVE-2023-53363

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free in pcibusreleasedomainnr Commit c14f7ccc9f5d "PCI: Assign PCI domain IDs by idaalloc" introduced a use-after-free bug in the bus removal cleanup. The issue was found with kfence: 19.293351 BUG: KFENCE:...

PT-2025-38213

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free issue was identified in the Linux kernel related to PCI bus removal cleanup. Specifically, the vulnerability occurs in the pci bus release domain nr function after the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue in the pcibusreleasedomainnr function...

SUSE CVE-2024-56561

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix PCI domain ID release in pciepcdestroy pciepcdestroy invokes pcibusreleasedomainnr to release the PCI domain ID, but there are two issues: - 'epc-dev' is passed to pcibusreleasedomainnr which was already freed ...

SUSE CVE-2021-47361

In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcballocbus There are two bugs: 1 If idasimpleget fails then this code calls putdevicecarrier but we haven't yet called getdevicecarrier and probably that leads to a use after free. 2 After...

UBUNTU-CVE-2021-47361

In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcballocbus There are two bugs: 1 If idasimpleget fails then this code calls putdevicecarrier but we haven't yet called getdevicecarrier and probably that leads to a use after free. 2 After...

kernel: PCI: Fix use-after-free in pci_bus_release_domain_nr()

A use-after-free exists in the linux kernel such that The kernel frees the struct pcibus in pciremovebus via releasepcibusdev. After the structure is freed, a callback pcibusreleasedomainnr accesses that freed memory, leading to damage to system availability...