56 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: can: bcm: added locking for bcm_op runtime updates. The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and length of the sequence can be changed or reduced during runtime, after which the...

CVSS 7.1, AI score 6.3, EPSS 0.00032
Exploits: 0, References: 2
Redos
added 2026/02/11 12:0 a.m., 4 views

ROS-20260211-73-0004

A vulnerability in the net/can/bcm.c component of the Linux kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability may allow an attacker to gain access to confidential data, violate its integrity, and cause denial of service...

CVSS 5.5, AI score 5.4, EPSS 0.00033
Exploits: 0
Redos
added 2026/02/05 12:0 a.m., 3 views

ROS-20260205-73-0001

A vulnerability in the net/can/bcm.c component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability may allow an attacker to gain access to sensitive data and also cause a denial of service...

CVSS 7.1, AI score 7.2, EPSS 0.00032
Exploits: 0
OSV
added 2026/01/20 8:9 a.m., 6 views

CLSA-2026-1768110920 kernel: Fix of 16 CVEs

crypto: lzo - Fix compression buffer overrun CVE-2025-38068 - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work CVE-2025-39863 - NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-43945 - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). CVE-2025-40186 - can:...

CVSS 7.8, AI score 6, EPSS 0.00223
Exploits: 0, References: 1
Tenable Nessus
added 2026/01/16 12:0 a.m., 0 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001493)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001493 advisory. net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are...

CVSS 5.5, AI score 6.5, EPSS 0.00052
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-17384

Malicious code in bioql PyPI...

AI score 7.3, EPSS 0.00032
Exploits: 0, References: 9
SUSE CVE
added 2025/09/18 11:39 p.m., 1 views

SUSE CVE-2023-53344

In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1520 [inline] BUG: KMSAN:...

CVSS 5.5, AI score 6.5, EPSS 0.00021
Exploits: 0, References: 8
Cvelist
added 2025/09/17 2:56 p.m., 6 views

CVE-2023-53344 can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write

In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1520 [inline] BUG: KMSAN:...

EPSS 0.00021
Exploits: 0, References: 8
Tenable Nessus
added 2025/08/08 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2021-3609

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash...

CVSS 7, AI score 6.6, EPSS 0.0006
Exploits: 1, References: 2
Amazon
added 2025/06/23 12:0 a.m., 5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() CVE-2024-56758 In the Linux kernel, the following vulnerability has been resolved: hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYIN...

CVSS 7.8, AI score 6.4, EPSS 0.00119
Exploits: 3
SUSE CVE
added 2025/06/09 1:26 a.m., 0 views

SUSE CVE-2025-38004

In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp. reduced at runtime where the...

CVSS 6.3, AI score 7.7, EPSS 0.00032
Exploits: 0, References: 17
CVE
added 2025/06/08 10:34 a.m., 110 views

CVE-2025-38004

The CVE-2025-38004 entry affects the Linux kernel CAN BCM subsystem. A race allowed by updates to the currframe/count in bcm_can_tx() could enable user-space-triggered modifications from hrtimer context, leading to a KASAN slab-out-of-bounds read. The patch fixes by moving the count variable into...

CVSS 7.1, AI score 6.3, EPSS 0.00032
Exploits: 0, References: 10, Affected Software: 1
OSV
added 2025/05/20 10:24 a.m., 3 views

CLSA-2025-1747725447 kernel: Fix of 35 CVEs

ext4: fix OOB read when checking dotdot dir CVE-2025-37785 - wifi: iwlwifi: limit printed string from FW file CVE-2025-21905 - drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' CVE-2024-27042 - dm-crypt: don't modify the data when using authenticated encryption...

CVSS 7.8, AI score 7.1, EPSS 0.00113
Exploits: 0, References: 1
OSV
added 2025/05/19 9:3 p.m., 1 views

CLSA-2025-1747688581 kernel: Fix of 15 CVEs

media: uvcvideo: Fix double free in error path CVE-2024-57980 - vrf: use RCU protection in l3mdev_l3_out() CVE-2025-21791 - geneve: Fix use-after-free in geneve_find_dev(). CVE-2025-21858 - ibmvnic: Don't reference skb after sending to VIOS CVE-2025-21855 - pfifo_tail_enqueue: Drop new packet when...

CVSS 7.8, AI score 7.1, EPSS 0.02038
Exploits: 0, References: 1
RedHat Linux
added 2025/03/10 2:35 p.m., 3 views

kernel: can: bcm: Fix UAF in bcm_proc_show()

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 230 Hardwar...

CVSS 7.8, AI score 6.6, EPSS 0.00014
Exploits: 0, References: 5
RedhatCVE
added 2024/09/18 11:14 a.m., 8 views

CVE-2024-46771

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Remove proc entry when dev is unregistered. syzkaller reported a warning in bcm_connect() below. [0] The repro calls connect() to vxcan1, removes vxcan1, and calls connect() with ifindex == 0. Calling connect() for a BCM socket...

CVSS 5.5, AI score 6.9, EPSS 0.00008
Exploits: 0, References: 4
NVD
added 2024/09/18 8:15 a.m., 16 views

CVE-2024-46771

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Remove proc entry when dev is unregistered. syzkaller reported a warning in bcm_connect() below. [0] The repro calls connect() to vxcan1, removes vxcan1, and calls connect() with ifindex == 0. Calling connect() for a BCM socket...

CVSS 5.5, EPSS 0.00008
Exploits: 0, References: 10
Tenable Nessus
added 2024/04/18 12:0 a.m., 30 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2024-0014)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt...

CVSS 7.8, AI score 6.8, EPSS 0.0006
Exploits: 2, References: 7
SUSE CVE
added 2023/02/15 3:48 a.m., 1 views

SUSE CVE-2021-3609

A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root...

CVSS 7, AI score 7.4, EPSS 0.0006
Exploits: 1, References: 37
Ubuntu
added 2022/07/07 7:59 a.m., 103 views

USN-5505-1: Linux kernel vulnerabilities

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Likang Luo discovered that a race condition existed in the Bluetoo...

CVSS 7.9, AI score 6.9, EPSS 0.0101
Exploits: 9