Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: clk: meson: Added missing clocks to axgclkregmaps Some clocks were missing from axgclkregmaps, which caused kernel panic during the command cat /sys/kernel/debug/clk/clksummary. 57.349402 Unable to handle a NULL pointer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fixed an error handling path in clkmt8135apmixedprobe “clkdata” is allocated using mtkdevmallocclkdata. Therefore, explicitly calling mtkfreeclkdata in the remove function would lead to a...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: zynq – Prevent null pointer dereferencing caused by kmalloc failures The kmalloc function in zynqclksetup will return null if physical memory runs out. As a result, if we use snprintf to write data to a null address, a null...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fixed an array underflow issue in geniseclktblget. This loop is supposed to break if the frequency returned by clkroundrate is the same as that of the previous iteration. However, that check doesn’t make sense...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ep93xx: clock: Fix for an offset of one in ep93xxdivrecalcrate. The psc-div array contains psc-numdiv elements. These values are derived from when we call clkhwregisterdiv. The size of these values is determined by...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: Fixed the issue where clkcoreget could dereference a NULL value. It is possible for clkcoreget to dereference a NULL value in the following sequence: c clkcoreget ofclkgetHWFromClkspec ofclkgetHWFromProvider clkgetHW clkgetH...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: adv7511: Unregistering the i2c device after unregistering the CEC adapter. The cecunregisteradapter function assumes that the underlying CEC adapter is callable. For example, if the CEC adapter currently has a valid...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign normalizedpixclk when color depth = 14 WHY & HOW A warning message appears: “WARNING: CPU: 4 PID: 459 at …/dcresource.c:3397 calculatephypixclks+0xef/0x100 amdgpu”. This occurs because the condition...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: qcom: bamdma: Fixed error handling for num-channels/ees When there is no clock specified in the device tree, there is no way to ensure that BAM is enabled. This often occurs for remotely controlled or remotely power...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: hwrng: ks-sa – fix division by zero in kssarnginit The issue of division by zero in kssarnginit was caused by missing clock pointer initialization. The clkgetrate function calls are performed on an uninitialized clk pointer,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: davinci: A NULL check was added in davincilpscclkregister. devmkasprintf returns NULL when memory allocation fails. Currently, davincilpscclkregister does not check for this case, resulting in a NULL pointer being...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: lan743x: fixed a potential out-of-bounds write in lan743xptpioeventclockget. Before calling lan743xptpioeventclockget, the ‘channel’ value is checked against the maximum value of PCI11X1XPTPIOMAXCHANNELS8. This seems correct...

Linux Distros Unpatched Vulnerability : CVE-2026-43015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: macb: fix clk handling on PCI glue driver removal platformdeviceunregister may still want to use the registered clks during runtime resume callback. Note...

CVE-2026-43015

A flaw was found in the Linux kernel’s macb network driver. Improper handling of clock resources during the removal of a PCI Peripheral Component Interconnect device driver can lead to a use-after-free vulnerability. A local attacker could exploit this by performing specific module operations,...

CVE-2026-43014

In the Linux kernel, the following vulnerability has been resolved: net: macb: properly unregister fixed rate clocks The additional resources allocated with clkregisterfixedrate need to be released with clkunregisterfixedrate, otherwise they are lost...

CVE-2026-43015

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix clk handling on PCI glue driver removal platformdeviceunregister may still want to use the registered clks during runtime resume callback. Note that there is a commit d82d5303c4c5 "net: macb: fix use after free on...

CVE-2026-31756

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...

EUVD-2026-26614

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix clk handling on PCI glue driver removal platformdeviceunregister may still want to use the registered clks during runtime resume callback. Note that there is a commit d82d5303c4c5 "net: macb: fix use after free on...

CVE-2026-43015

The CVE-2026-43015 issue is in the Linux kernel macb PCI glue driver where clk handling during platform_device_unregister() can be used after the device is unregistered. The root cause is that platform_device_unregister may still use registered clks during a runtime resume callback, leading to a ...

CVE-2026-43015

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix clk handling on PCI glue driver removal platformdeviceunregister may still want to use the registered clks during runtime resume callback. Note that there is a commit d82d5303c4c5 "net: macb: fix use after free on...