737 matches found
USN-8492-2 linux-aws-6.8, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm-6.8, linux-nvidia-lowlatency, linux-oracle-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...
USN-8488-1 linux, linux-aws, linux-gcp, linux-ibm, linux-oracle, linux-realtime vulnerabilities
It was discovered that some AMD processors did not properly clear data in the floating point divider unit during speculative execution. A local attacker could use this to expose sensitive information. CVE-2025-54505 Several security issues were discovered in the Linux kernel. An attacker could...
CVE-2026-53332
In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd When the remoteproc starts in parallel with the NGD driver being probed, or the remoteproc is already up when the PDR lookup is being registered, or in the...
CVE-2026-10647
The CVE concerns the USB CDC-NCM driver (subsys/usb/device_next/class/usbd_cdc_ncm.c) in Zephyr. The code ignores the return value of usbd_ep_enqueue() in cdc_ncm_send(); when enqueue fails, it still calls k_sem_take(&data-sync_sem, K_FOREVER), waiting on a completion that is only signaled from t...
CVE-2026-45195
CVE-2026-45195 affects kernel software inside a Host VM that posts commands to GPU Firmware, enabling memory reads/writes outside the host kernel’s permitted range. Root cause: untrusted addresses passed to rgxfw_set_mips_fault_address in the GPU DDK may grant the firmware privileged memory acces...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/dp: populate the connector of the struct dppanel structure. In the DP CTS test case 4.2.2.6, the edid has a valid checksum, but the checksum is intentionally incorrect. It is expected that the DP source returns a corre...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: phy: Fixed a null-ptr-deref issue when the probe function failed. I received a report of a null-ptr-deref issue during the fault injection test. Bug: NULL pointer dereferencing in the kernel. Address: 0000000000000058 Oops:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
A race condition was detected in the Linux kernel’s media/xc4000 device driver, specifically in the xc4000getfrequency function. This can lead to a return value overflow issue, potentially causing malfunctions or denial-of-service problems...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : QEMU vulnerabilities (USN-8412-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8412-1 advisory. Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the iSCSI block driver in QEMU incorrectly...
CVE-2026-45956
The CVE-2026-45956 entry concerns the Linux kernel DRM Exynos driver (vidi) where vidi_connection_ioctl() incorrectly reads driver_data from drm_dev->dev, which points to the exynos-drm master device rather than the vidi component device. This mismatch can trigger null pointer dereferences, ga...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: fixed a memory leak in the vfioap device driver. The device release callback function invoked to release the matrix device uses the devgetdrvdata function to retrieve the pointer to the vfiomatrixdev object in order...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: blk-mq: Fixed a possible memory leak when registering the ‘hctx’ structure failed. There is one issue that arises during fault injection tests: An unreferenced object with a size of 512 bytes: bash comm "insmod", pid 308021,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: idpf: Error handling in the inittask during loading was fixed. If the inittask fails during driver loading, we end up with no vports and netdevs, effectively failing the entire process. In that state, a subsequent reset will resu...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: uio: uiodmemgenirq: Fixed an issue where the unlock operation was missed in irq configuration. The commit b74351287d4b “uio: fixed a bug in uiodmemgenirqirqcontrol”. corrected the code so that disableirq was called without...
Astra Linux – Vulnerability in Linux 5.10, Linux
A vulnerability related to out-of-bounds memory access was discovered in the Linux kernel’s TUN/TAP device driver functionality. This vulnerability occurs when a user generates a malicious excessively large network packet while napi frags is enabled. This flaw allows a local user to cause a syste...
Astra Linux – Vulnerability in Linux
A out-of-bounds memory write flaw was discovered in the listdevices function within drivers/md/dm-ioctl.c in the Multi-device driver module of the Linux kernel before version 5.12. A bound check failure allows an attacker with special user CAPSYSADMIN privileges to gain access to out-of-bounds...
CVE-2026-43430
A flaw was found in the Linux kernel's yurex USB driver. A race condition occurs during the device probing process, where internal descriptor data can be overwritten before proper initialization. This vulnerability could lead to data corruption or unexpected system behavior, impacting the stabili...
CVE-2026-43426 usb: renesas_usbhs: fix use-after-free in ISR during device removal
In the Linux kernel, the following vulnerability has been resolved: usb: renesasusbhs: fix use-after-free in ISR during device removal In usbhsremove, the driver frees resources including the pipe array while the interrupt handler usbhsinterrupt is still registered. If an interrupt fires after...
USN-8258-1: Linux kernel (Azure) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
CVE-2026-43082
CVE-2026-43082 affects the Linux kernel net: txgbe component. The issue arises from how property_entry lists are terminated: the driver allocated exactly the number of entries used and did not reserve space for the terminating empty entry. The fix updates the struct definition of property_entry t...