Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: arm64/entry: The DAIF flag was unmasked in cpuswitchto, and in callonirqstack. cpuswitchto and callonirqstack manipulate the SP register to switch to different stacks, along with the Shadow Call Stack if it is enabled. These t...

UBUNTU-CVE-2025-71078

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/slb: Fix SLB multihit issue during SLB preload On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This preload cache is subject to period...

EUVD-2025-25531

Malicious code in bioql PyPI...

arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()

...

SUSE CVE-2025-38670

In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpuswitchto, callonirqstack cpuswitchto and callonirqstack manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those two stack changes cannot be done atomically...

AZL-75093 CVE-2025-38670 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpuswitchto, callonirqstack cpuswitchto and callonirqstack manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those two stack changes cannot be done atomically...

AZL-66656 CVE-2025-38670 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpuswitchto, callonirqstack cpuswitchto and callonirqstack manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those two stack changes cannot be done atomically...

UBUNTU-CVE-2025-38670

In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpuswitchto, callonirqstack cpuswitchto and callonirqstack manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those two stack changes cannot be done atomically...

CVE-2025-38670

CVE-2025-38670 affects ARM64 Linux kernel. The vulnerability arises in cpu_switch_to() and call_on_irq_stack() where masking and saving the DAIF state and SCS pointers are not atomic across stack switches, allowing a race during task/IRQ stack transitions. Interrupts (SErrors/Debug Exceptions) ca...

CVE-2025-38670 arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()

In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpuswitchto, callonirqstack cpuswitchto and callonirqstack manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those two stack changes cannot be done atomically...

CVE-2023-52761

In the Linux kernel, the following vulnerability has been resolved: riscv: VMAPSTACK overflow detection thread-safe commit 31da94c25aea "riscv: add VMAPSTACK overflow detection" added support for CONFIGVMAPSTACK. If overflow is detected, CPU switches to shadowstack temporarily before switching...

SUSE CVE-2017-10916

The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions MPX and Protection Key PKU features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220...

ALPINE-CVE-2017-10916

The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions MPX and Protection Key PKU features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220...