Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ubi: Fixed a race condition between ctrlcdevioctl and ubicdevioctl. Hulk Robot reported a KASAN report regarding a use-after-free issue: ========================================== BUG: KASAN: use-after-free in...

CVE-2026-46258

In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandlecreate In linehandlecreate, there is a statement like this: retainandnullptrlh; Soon after, there is a debug printout that dereferences "lh", which will crash things. Avoid the cras...

EUVD-2026-34120

In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandlecreate In linehandlecreate, there is a statement like this: retainandnullptrlh; Soon after, there is a debug printout that dereferences "lh", which will crash things. Avoid the cras...

CVE-2026-46258 gpio: cdev: Avoid NULL dereference in linehandle_create()

In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandlecreate In linehandlecreate, there is a statement like this: retainandnullptrlh; Soon after, there is a debug printout that dereferences "lh", which will crash things. Avoid the cras...

CVE-2026-46258

The CVE-2026-46258 issue is in the Linux kernel’s gpio: cdev module, where in linehandle_create() a NULL dereference could occur when lh is dereferenced after a retain_and_null_ptr(lh). The vulnerability is resolved by avoiding the dereference and using handlereq.lines, which holds the same value...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the gpio cdev module’s behavior during the linehandlecreate function. After retaining andnullptr,...

PT-2026-46021

In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandle create In linehandle create, there is a statement like this: retain and null ptrlh; Soon after, there is a debug printout that dereferences "lh", which will crash things. Avoid the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: rapidio: devices: fixed the issue where putdevice was not called in mportcdevopen. When kfifoalloc fails, the reference count of chdev-dev remains incremented. We should use putdevice&chdev-dev to decrement the reference count of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the gpio module, for cdev devices, it is necessary to ensure that the cdev file descriptor remains active before emitting events. When the fput function is finally called on a file descriptor, the release action may be delayed...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A issue was discovered in the driver/mtd/ubi/cdev.c file within the Linux kernel 6.2. There is a division-by-zero error in the dodivsz, mtd-erasesize function, which is indirectly used by ctrlcdevioctl, when mtd-erasesize is 0...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Rapidio: fixed a possible UAF Use-after-Allocation when kfifoalloc fails. If kfifoalloc fails in mportcdevopen, it jumps to errfifo and simply frees priv. However, priv is still in chdev-filelist, and traversal of the list may le...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fixed the lifetime of fhidg relative to cdev The embedded struct cdev does not correctly tie its lifetime to the surrounding struct fhidg. As a result, there may be a use-after-free if /dev/hidgN is kept open...

OESA-2026-2176 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access WPA, WPA2, or WPA3 or Wired Equivalent Privacy WEP, an adversary can exploit this vulnerability to injec...

Linux Distros Unpatched Vulnerability : CVE-2026-31606

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: fhid: don't call cdevinit while cdev in use When calling unbind, then bind again, cdevinit reinitialized the cdev, even though there may still be...

CVE-2026-31606

A flaw was found in the Linux kernel's USB Human Interface Device HID gadget driver. When the /dev/hidg device is still open during unbind and bind operations, the character device cdev is reinitialized while still in use. This unsafe behavior can lead to a system crash, resulting in a Denial of...

DEBIAN-CVE-2026-31606

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: don't call cdevinit while cdev in use When calling unbind, then bind again, cdevinit reinitialized the cdev, even though there may still be references to it. That's the case when the /dev/hidg device is still...

CVE-2026-31606

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: don't call cdevinit while cdev in use When calling unbind, then bind again, cdevinit reinitialized the cdev, even though there may still be references to it. That's the case when the /dev/hidg device is still...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the usb gadget fhid driver repeatedly initializing the cdev device during rebinding operations,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013551)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013551 advisory. In the Linux kernel, the following vulnerability has been resolved: rapidio: devices: fix missing putdevice in mportcdevopen When kfifoalloc fails, the refcount of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013723)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013723 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix fhidg lifetime vs cdev The embedded struct cdev does not have its lifetime...