Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: Do not break the lifecycle of vmdev. vmdev has a separate lifecycle because it has a struct device embedded within it. Therefore, having a release callback for it is correct. However, allocating the vmdev structure...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - net: dsa: felix: do not use devres for mdiobus. As explained in the commits: - 74b6d7d13307: “net: dsa: realtek: register the MDIO bus using devres”. - 5135e96a3dd2: “net: dsa: do not allocate the slavemiibus using devres”...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: lantiqgswip: Do not use devres for mdiobus As explained in the commits: 74b6d7d13307 “net: dsa: realtek: Register the MDIO bus using devres” 5135e96a3dd2 “net: dsa: Do not allocate the slavemiibus using devres” The...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: clk: A memory leak was fixed in devmclknotifierregister. devmclknotifierregister allocates a device resource for the clk notifier, but it does not register that resource with the device. As a result, the notifier remains...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: bcmsf2: do not use devres for mdiobus As explained in the commits: 74b6d7d13307 "net: dsa: realtek: register the MDIO bus using devres" 5135e96a3dd2 "net: dsa: do not allocate the slavemiibus using devres" The...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307 – fixed the double-free of devmkzalloc memory. A previous change added NULL checks and cleanup procedures for allocation failures in sma1307settingloaded. However, the cleanup for modeset entries is incorrect. These...

SUSE CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

UBUNTU-CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

EUVD-2026-32855

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

CVE-2026-46228

CVE-2026-46228 affects the Linux kernel, in the spi: ch341 driver, due to incorrect management of device resources (devres) lifetime. When a USB driver is unbound (e.g., probe deferral or config changes), resources tied to the interface could leak because their lifetimes weren’t released with the...

CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

SUSE CVE-2026-46103

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

CVE-2026-46103

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

UBUNTU-CVE-2026-46060

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix IRQ cleanup on 6xxx probe failure When adfdevup partially completes and then fails, the IRQ handlers registered during adfisrresourcealloc are not detached before the MSI-X vectors are released. Since the device...

UBUNTU-CVE-2026-46103

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

EUVD-2026-32486

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

CVE-2026-46103

CVE-2026-46103 affects the Linux kernel, specifically the USB stack where can: ucan fixes the devres lifetime. The root cause is that resources bound to USB interfaces were not guaranteed to outlive the parent USB device, leading to memory leaks when drivers unbind (e.g., during probe deferrals o...

CVE-2026-46060

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix IRQ cleanup on 6xxx probe failure When adfdevup partially completes and then fails, the IRQ handlers registered during adfisrresourcealloc are not detached before the MSI-X vectors are released. Since the device...