EUVD-2026-38910

In the Linux kernel, the following vulnerability has been resolved: fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal CXL is linked before fwctl in drivers/Makefile. Both use moduleinit, so cxlpcidriverinit runs first. When cxlpciprobe calls fwctlregister and then...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed the cxlregion leak, and cleaned up targets when a region is deleted. When a region is deleted, any targets that were previously assigned to that region still hold references to it. To trigger the release of thos...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Hold a reference to the port until the decoder is released. KASAN + DEBUGKOBJECTRELEASE reports a potential use-after-free in cxldecoderrelease. This function references its parent object, a cxlport, to free its id back...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Do not attempt cleanup after a failure in cxlRegionAttach. The commit 5e42bcbc3fef “cxl/region: decrement -nrtargets on error in cxlRegionAttach” attempted to avoid initialization errors when -nrtargets exceeds 16 by...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fixed race conditions related to nvdimm registration. A loop of the form: c while true; do modprobe cxlpci; modprobe -r cxlpci; done …fails with the following crash message: BUG: Kernel NULL pointer dereference, address...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cxl: fixed a possible null-ptr-deref in cxlpciinitafu|adapter. If deviceregister fails in cxlpciafu|adapter, the device is not added. In this case, deviceunregister cannot be called in the error path. Otherwise, a null-ptr-deref...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fixed the issue where memory is disabled if the DVSEC CXL range does not match a CFMWS window. The Linux CXL subsystem is based on the assumption that HPA == SPA. That is, the host physical address HPA of HDM decoder...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: cxl: Fixed the refcount leak in cxlcalccapprouting. The ofgetnextparent function returns a node pointer with the refcount incremented. We should use ofnodeput on it when it is no longer needed. This function only calls ofnodeput ...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: cxl: fixed a possible null-ptr-deref in cxlguestinitafu|adapter. If deviceregister fails in cxlregisterafu|adapter, the device is not added. In this case, deviceunregister cannot be called in the error path. Otherwise, a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cxl: Fixed a race condition involving the nvdimmbus object when creating nvdimm objects. A issue was found during the execution of the cxl-translate.sh unit test. Adding a 3-second sleep right before the test seems to make the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: nvdimm: Fixed scenarios where firmware activation led to deadlocks. Lockdep reports the following deadlock scenarios for CXL root devices: - power-management, deviceprepare, operations, and deviceshutdown operations for...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed the crash that occurred during decoder allocation. When the decoders of an intermediate port are exhausted by existing regions, and a new region is created with that port in its hierarchical path, the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed memregion leaks in devmcxladdregion. The mode verification was moved to createregion, before allocating the memregion, to avoid memregion leaks...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cxl/region: Fixed leakage in constructregion. The first call to sysfsupdategroup requires explicitly freeing the resource, as it is too early for cxlregioniomemrelease to be called...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cxl/features: Added a check to ensure there are entries in cxlfeatureinfo. In cxl EDAC calls cxlfeatureinfo to obtain feature information, if the hardware does not support any features, cxlfs can be passed as NULL. 51.957498...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: cxl/acpi: Fixed a use-after-free in cxlparsecfmws KASAN and KFENCE detected a use-after-free in the CXL driver. This occurs in the cxldecoderadd function’s failure path. KASAN prints the following error: BUG: KASAN:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cxl/mbox: The payload size is validated before accessing the contents of cxlpayloadfromuserallowed. The cxlpayloadfromuserallowed function casts and dereferences the input payload without first verifying its size. When a raw...

SUSE CVE-2026-31529

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in constructregion Failing the first sysfsupdategroup needs to explicitly kfree the resource as it is too early for cxlregioniomemrelease to do so...

CVE-2026-31529

A flaw was found in the Linux kernel's cxl/region component. This vulnerability involves a resource leakage within the constructregion function. When sysfsupdategroup fails, the resource is not explicitly freed, leading to a memory leak. This could potentially allow a local attacker to cause a...

EUVD-2026-24925

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parentport in cxldetachep cxldetachep is called during bottom-up removal when all CXL memory devices beneath a switch port have been removed. For each port in the hierarchy it locks both the port a...