Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fixed a memory leak in kvmeiointcdestroy. In kvmioctlcreatedevice, kvmdevice allocates memory. kvmdevice-destroy seems to be supposed to free up the kvmdevice structure, but kvmeiointcDestroy does not do this...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: hwmon: w83792d Fixed NULL pointer dereferencing by removing unnecessary structure fields. If the driver reads a value that is sufficient for the condition: val & 0x08 && !val & 0x80 && val & 0x7 == val 4 & 0x7 then NULL pointe...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fixed a memory leak when thresholdcreatebank fails. In mcethresholdcreatedevice, if thresholdcreatebank fails, the previously allocated thresholdbanks array @bp will be leaked, because the call to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tpm: tpmvtpmproxy: fixed a race condition in the creation of /dev/vtpmx. The /dev/vtpmx becomes visible before ‘workqueue’ is initialized, which can lead to memory corruption in the worst-case scenario. This issue is addressed by...

CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer netns rtnlnewlink lacks a CAPNETADMIN capability check on the peer network namespace when creating paired devices veth, vxcan, netkit. This allows an unprivileged user with a...

CVE-2026-23028

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmipidestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmipidestroy is not currently doing this, that...

CVE-2026-23029

The CVE-2026-23029 entry describes a memory-leak in the LoongArch KVM path of the Linux kernel. In kvm_ioctl_create_device(), kvm_device is allocated, but the kvm_device->destroy() path (kvm_eiointc_destroy()) does not free the allocated kvm_device struct, leading to a leak. Multiple sources (...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002086)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002086 advisory. Use-after-free vulnerability in the kvmioctlcreatedevice function in virt/kvm/kvmmain.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002705)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002705 advisory. The dmgetfromkobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service BUG by leveraging a race condition...

EUVD-2020-23226

Malware in sbrugna...

EUVD-2022-55329

Malicious code in bioql PyPI...

EUVD-2025-27931

Malicious code in bioql PyPI...

EUVD-2023-33245

Malicious code in bioql PyPI...

CVE-2023-53307

In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in dorbdadd when rbddevcreate fails If getting an ID or setting up a work queue in rbddevcreate fails, use-after-free on rbddev-rbdclient, rbddev-spec and rbddev-opts is triggered in dorbdadd. The root...

DEBIAN-CVE-2023-53307

In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in dorbdadd when rbddevcreate fails If getting an ID or setting up a work queue in rbddevcreate fails, use-after-free on rbddev-rbdclient, rbddev-spec and rbddev-opts is triggered in dorbdadd. The root...

CVE-2023-53307

In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in dorbdadd when rbddevcreate fails If getting an ID or setting up a work queue in rbddevcreate fails, use-after-free on rbddev-rbdclient, rbddev-spec and rbddev-opts is triggered in dorbdadd. The root...

CVE-2023-53307 rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails

In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in dorbdadd when rbddevcreate fails If getting an ID or setting up a work queue in rbddevcreate fails, use-after-free on rbddev-rbdclient, rbddev-spec and rbddev-opts is triggered in dorbdadd. The root...

kernel: xfrm: interface: fix use-after-free after changing collect_md xfrm interface

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collectmd xfrm interface collectmd property on xfrm interfaces can only be set on device creation, thus xfrmichangelink should fail when called on such interfaces. The check to...

UBUNTU-CVE-2025-38606

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif-ar during beacon miss During beacon miss handling, ath12k driver iterates over active virtual interfaces vifs and attempts to access the radio object ar via arvif-deflink-ar...

CVE-2025-38500 xfrm: interface: fix use-after-free after changing collect_md xfrm interface

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collectmd xfrm interface collectmd property on xfrm interfaces can only be set on device creation, thus xfrmichangelink should fail when called on such interfaces. The check to...