336 matches found
SUSE-SU-2026:22433-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in...
EUVD-2026-38910
In the Linux kernel, the following vulnerability has been resolved: fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal CXL is linked before fwctl in drivers/Makefile. Both use moduleinit, so cxlpcidriverinit runs first. When cxlpciprobe calls fwctlregister and then...
SUSE-SU-2026:2482-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths bsc1248235. - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: cxl/mbox: The payload size is validated before accessing the contents of cxlpayloadfromuserallowed. The cxlpayloadfromuserallowed function casts and dereferences the input payload without first verifying its size. When a raw...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed the cxlregion leak, and cleaned up targets when a region is deleted. When a region is deleted, any targets that were previously assigned to that region still hold references to it. To trigger the release of thos...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: cxl/region: Do not attempt cleanup after a failure in cxlRegionAttach. Commit 5e42bcbc3fef “cxl/region: Decrement -nrtargets in case of errors in cxlRegionAttach” attempted to prevent initialization errors when -nrtargets...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fixed race conditions related to nvdimm registration. A loop of the form: c while true; do modprobe cxlpci; modprobe -r cxlpci; done …fails with the following crash message: BUG: Kernel NULL pointer dereference, address...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: cxl: fixed a possible null-ptr-deref in cxlPCIinitafu|adapter. If deviceRegister fails in cxlPCIafu|adapter, the device is not added. In such cases, deviceUnregister cannot be called in the error path; otherwise, a null-ptr-deref...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed the crash that occurred during decoder allocation. When the decoders of an intermediate port are exhausted by existing regions, and a new region is created with that port in its hierarchical path, the...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: cxl: Fixed the refcount leak in cxlcalccapprouting. The ofgetnextparent function returns a node pointer with the refcount incremented. We should use ofnodeput on it when it is no longer needed. This function only calls ofnodeput ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed memregion leaks in devmcxladdregion. The mode verification was moved to createregion, before allocating the memregion, to avoid memregion leaks...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvdimm: Fixed scenarios where firmware activation led to deadlocks. Lockdep reports the following deadlock scenarios for CXL root devices: - power-management, deviceprepare, operations, and deviceshutdown operations for...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: cxl/acpi: Fixed a use-after-free in cxlparsecfmws KASAN and KFENCE detected a use-after-free in the CXL driver. This occurs in the cxldecoderadd function’s failure path. KASAN outputs the following error: BUG: KASAN:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: cxl/features: Added a check to ensure there are entries in cxlfeatureinfo. In cxl EDAC calls cxlfeatureinfo to obtain feature information, if the hardware does not support any features, cxlfs can be passed as NULL. 51.957498...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: cxl: fixed a possible null-ptr-deref in cxlguestinitafu|adapter. If deviceregister fails in cxlregisterafu|adapter, the device is not added. In this case, deviceunregister cannot be called in the error path. Otherwise, a...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fixed the issue where memory is disabled if the DVSEC CXL range does not match a CFMWS window. The Linux CXL subsystem is based on the assumption that HPA == SPA. That is, the host physical address HPA of HDM decoder...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Hold a reference to the port until the decoder is released. KASAN + DEBUGKOBJECTRELEASE reports a potential use-after-free in cxldecoderrelease. This function references its parent object, a cxlport, to free its id back...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: cxl/region: Fixed leakage in constructregion. The first call to sysfsupdategroup requires explicitly freeing the resource, as it is too early for cxlregioniomemrelease to be called...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: cxl: Fixed a race condition involving the nvdimmbus object when creating nvdimm objects. A issue was found during the execution of the cxl-translate.sh unit test. Adding a 3-second sleep right before the test seems to make the...
SUSE CVE-2026-31529
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in constructregion Failing the first sysfsupdategroup needs to explicitly kfree the resource as it is too early for cxlregioniomemrelease to do so...