Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the wl1251txpacketcb function not verifying the firmware completion ID range, potentially leading to...

PT-2026-37423

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description An out-of-bounds array access exists in the WiFi wl1251 driver. The wl1251 tx packet cb function uses a firmware completion ID, provided as a raw u8 from the completion block, to index t...

Linux Distros Unpatched Vulnerability : CVE-2026-43113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: wl1251: validate packet IDs before indexing txframes wl1251txpacketcb uses the firmware completion ID directly to index the fixed 16-entry wl-txframes...

CLSA-2026-1778008248 vim: Fix of 5 CVEs

CVE-2022-2125: fix out-of-bounds read in getlispindent; break out of the inner loop on NUL byte indent.c, upstream patch 8.2.5122 - CVE-2021-3974: fix use-after-free in nfaregmatch when a substitute callback frees the regline during a mark comparison; save col and re-fetch rex.line via reggetline...

EUVD-2026-27351

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Commit 302a1f674c00 "Bluetooth: MGMT: Fix possible UAFs" introduced mgmtpendingvalid, which not only validates the pending command but also unlinks it from...

CVE-2026-43059

CVE-2026-43059 affects the Linux kernel Bluetooth MGMT path. A change introducing mgmt_pending_valid() caused completion handlers to unlink commands from the pending list, which could lead to list corruption and potential memory safety issues. The patch fixes two issues: (1) in mgmt_add_adv_patte...

kernel: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()

QLogic qede driver processes TPA TCP/IP Packet Aggregation completion queue entries by iterating through lenlist until hitting a zero terminator. Malformed or corrupted completion entries lacking this sentinel cause the loop to read beyond array bounds. SVACE static analysis identified that...

CLSA-2026-1777944852 vim: Fix of 2 CVEs

CVE-2021-3984: in findstartbrace misc1.c, when a found '' lies inside a comment, restore the full cursor position line and column instead of only the line so subsequent C-indent lookups stay within the line bounds. - CVE-2022-2571: in inscomplgetexp edit.c, when CONTADDING is active, only advance...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: IB/cm: A drop lockdep assertion and WARN are issued when freeing old messages. The send completion handler can run after cmid has advanced to another message. In this case, the cmid lock is not necessary. However, a recent change...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fixed the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring that tasks do not get stuck, as highlighted by the call trace 1. During recovery, before transitioning th...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Prevents handling of any completions after the destruction of a QP Queue Pair. The hardware may generate completions indicating that the QP has been destroyed. The driver should not schedule any completion handlers f...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize freeqp completion before using it. In irdmacreateqp, if ibcopytoudata fails, it will call irdmaDestroyQp to clean up. This process will attempt to wait for the freeqp completion, but freeqp has not yet been...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/efa: Fixed the issue of using the completion context after it was freed. Regarding the handling of admin queue completion, if the admin command completes with an error, we print data from the completion context. The issue...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Returns a CQE error if an invalid lkey is provided. RXE fails to update the WQE status in cases of LOCALwrite failures. This caused the following kernel panic if someone performed an atomic operation with an explicit...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fixed a possible issue where the descriptor completion was performed incorrectly in llistabortdesc. At the end of this function, d represents the traversal cursor of flist, but the code actually completes the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fixed a issue where a “use-after-free” condition could occur during an interrupt. During a destroy CQ operation, an interrupt may cause the processing of a CQE to occur after the resources managed by irdmacqfreersrc...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: host – Fixed the dereference issue in the DDMA completion flow. The dereference issue in the DDMA completion flow has been addressed...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: TI: am65-cpsw-nuss: Fixed null pointer dereferencing for ndev. In the TX completion packet stage of TI SoCs with CPSW2G instances, which have a single external Ethernet port, ndev is accessed without being...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/irdma: Fixed a data race on CQP completion statistics. CQP completion statistics is locked when used in irdmawaitevent and irdmacheckcqpprogress. However, it can also be updated in the completion thread irdmascccqgetcqein...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed a potential data race in rxrpcwaittobeconnected. Inside the loop in rxrpcwaittobeconnected, it checks call-error to determine whether to exit the loop without first checking the call state. This is probably safe, as...