Security update for xen

This update for xen fixes the following issues CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. CVE-2026-23558: grant tabl...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from issues with the pkvminitvcpu function in KVM arm64. These issues involve pin leakage and ordering...

SUSE CVE-2023-20593

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: lib/groupcpus: Fixed a NULL pointer dereferencing issue in groupcpusevenly. While testing nullblk with configfs, executing echo 0 pollqueues would trigger the following panic: BUG: NULL pointer dereferencing in the kernel, addres...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: The crash in iclupdatetopdownevent has been fixed. The perffuzzer detected a hard-lockup crash on a RaptorLake machine: Oops: General Protection Fault, possibly at address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PI...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQs before initfn for non-boot CPUs. Disable IRQs before initfn for non-boot CPUs during hotplug operations, in order to silence such warnings and also to avoid potential errors due to unexpected interrupts...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powercap: intelrapl: A NULL pointer dereference issue has been fixed. A NULL pointer dereference occurs when probing the MMIO RAPL driver on platforms where the CPU ID is not listed in the intelraplcommon CPU model list. This...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: The incorrect check in updateparentsubpartscpumask has been fixed. It was discovered that the check to determine whether a partition can use all the CPUs from the parent cpuset in updateparentsubpartscpumask was...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fixed an out-of-bounds access in parseintegerlimit. When configuring osnoisecpus using the write system call, the following KASAN exception may occur: BUG: KASAN: Out-of-bounds access in...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ARM: rockchip: fixed a kernel hang during SMP initialization To enable the secondary CPUs’ main CPU write trampoline code to SRAM, the trampoline code is written while the secondary CPUs are powered on at least this is true fo...

UBUNTU-CVE-2026-43344

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix die ID init and look up bugs In snbeppci2phymapinit, in the nrnodeids 8 path, uncoredevicetodie may return -1 when all CPUs associated with the UBOX device are offline. Remove the WARNONONCEdieid == -1...

CVE-2026-43344

CVE-2026-43344 affects the Linux kernel perf/x86/intel/uncore subsystem. The root cause is incorrect die ID initialization/lookup in snbep_pci2phy_map_init() that can produce die_id == -1 when CPUs are offline or when NUMA is disabled, causing uncore_device_to_die() to misbehave and PMON units to...

PT-2026-38977

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock occurs in the sched ext component due to the SCX KICK WAIT mechanism. The kick cpus irq workfn function performs a busy-wait using smp cond load acquire until the target CPU's...

Linux Distros Unpatched Vulnerability : CVE-2026-43326

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target...

EUVD-2026-27669

In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchpipcgetclusteraggrirq The clustercfg array is dynamically allocated to hold per-CPU configuration structures, with its size based on the number of online CPUs. Previously, thi...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT before waking offline CPUs. If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, the following warning is observed upon reboot: kexec: Waking offline CPU 228...

Astra Linux - уязвимость в intel-microcode

Insufficient resource pool in the core management mechanism for some IntelR Processors may allow an authenticated user to potentially enable denial of service via local access...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a goof where KVM tries to grab source vCPUs from the destination VM when doing intrahost migration. Grabbing the wrong vCPU not only hoses the guest, it...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/irdma: The Cap MSIX used to online CPUs + 1 The irdma driver can use a maximum number of msix vectors equal to numonlinecpus + 1. If this number is exceeded, the kernel will issue a warning when the driver attempts to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ixgbexdpsetup The ixgbe driver currently generates a NULL pointer dereference with some machine online cpus ringfeatureRINGFFFDIR.limit = count; It becomes 63. When user use xdp,...