32 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ACPI: Fix NULL pointer dereferencing Commit 71f642833284 “ACPI: utils: Fix reference counting in foreachacpidevmatch” began to perform “acpidevput” on a pointer that might be NULL. This approach fails miserably, as the helper...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: aoe: The potential use-after-free issue in aoecmdcfgpkts has been fixed. This patch addresses CVE-2023-6270. The description of the vulnerability is as follows: A flaw was discovered in the ATA over Ethernet AoE driver within the...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: hwrng: amd – Fix the PCI device reference count leak foreachpcidev is implemented through pcigetdevice. The comment for pcigetdevice states that it will increase the reference count of the returned pcidev, and also decrease th...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: - ice: Fixed the KASAN error in the LAG NETDEVUNREGISTER handler. Currently, the same handler is called for both the NETDEVBONDINGINFO LAG unlink notification and the NETDEVUNREGISTER call. This causes problems, as the...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: macsec: Fixed the UAF bug related to realdev. A new macsec device was created, but there was no reference to realdev. This does not ensure that realdev is freed after the macsec device is removed. This will trigger the UAF bug...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013590)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013590 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix pci device refcount leak As comment of pcigetdomainbusandslot says, it returns a...
kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem
A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM subsystem. An authenticated local attacker could exploit a Use-After-Free UAF vulnerability in the /proc/net/atm/lec handling. This flaw occurs due to improper devput calls without prior devhold calls, leading to an imbalance i...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-006568)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006568 advisory. In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmdcfgpkts This patch is against CVE-2023-627...
UBUNTU-CVE-2026-23192
In the Linux kernel, the following vulnerability has been resolved: linkwatch: use devput in callers to prevent UAF After linkwatchdodev calls devput to release the linkwatch reference, the device refcount may drop to 1. At this point, netdevruntodo can proceed since linkwatchsyncdev sees an empt...
CVE-2026-23192 linkwatch: use __dev_put() in callers to prevent UAF
In the Linux kernel, the following vulnerability has been resolved: linkwatch: use devput in callers to prevent UAF After linkwatchdodev calls devput to release the linkwatch reference, the device refcount may drop to 1. At this point, netdevruntodo can proceed since linkwatchsyncdev sees an empt...
CVE-2026-23192
Summary (CVE-2026-23192) : This is a use-after-free in the Linux kernel’s linkwatch subsystem. When a network device is deleted while linkwatch events are pending, the device reference may be freed prematurely (in linkwatch_do_dev), allowing __linkwatch_run_queue to access a freed device. The fix...
CVE-2026-23192
In the Linux kernel, the following vulnerability has been resolved: linkwatch: use devput in callers to prevent UAF After linkwatchdodev calls devput to release the linkwatch reference, the device refcount may drop to 1. At this point, netdevruntodo can proceed since linkwatchsyncdev sees an empt...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993310)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993310 advisory. In the Linux kernel, the following vulnerability has been resolved: ocxl: fix pci device refcount leak when calling getfunction0 getfunction0 calls...
CVE-2022-50868 hwrng: amd - Fix PCI device refcount leak
In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase the reference count for the returned pcidev and also decrease the reference count for...
CVE-2022-50659 hwrng: geode - Fix PCI device refcount leak
In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase the reference count for the returned pcidev and also decrease the reference count fo...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988775)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988775 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ACPI: utils: Fix reference counting in...
EUVD-2025-31964
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-50337
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ocxl: fix pci device refcount leak when calling getfunction0 getfunction0 calls...
CVE-2022-50318
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in hswephaslimitsbox pcigetdevice will increase the reference count for the returned 'dev'. We need to call pcidevput to decrease the reference count. Since 'dev' is only used in...
AZL-66356 CVE-2025-38542 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix device refcount leak in atrtrcreate When updating an existing route entry in atrtrcreate, the old device reference was not being released before assigning the new device, leading to a device refcount leak. Fix...