Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-8255-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8255-1 advisory. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform...

CVE-2026-43445

A flaw was found in the Linux kernel's e1000 and e1000e network drivers. When an error occurs during the mapping of transmit TX buffers, an off-by-one error in the Direct Memory Access DMA cleanup process can lead to a memory leak. This issue results in the gradual exhaustion of system resources,...

CLSA-2026-1778266904 kernel: Fix of 188 CVEs

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present - xfrm: esp: avoid in-place decrypt on shared skb frags - clk: Fix clkhwgetclk when dev is NULL CVE-2022-49187 - x86/sgx: Add overflow check in sgxvalidateoffsetlength CVE-2022-49785 - ext4: init quota for 'old.inode' in...

CVE-2026-43356

In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...

UBUNTU-CVE-2026-43356

In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...

CVE-2026-43340

In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev-spinlock between attachments to low-level drivers struct comedidevice is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member spinlock containing a spin-lock...

UBUNTU-CVE-2026-43340

In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev-spinlock between attachments to low-level drivers struct comedidevice is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member spinlock containing a spin-lock...

UBUNTU-CVE-2025-71301

In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around vmap/vunmap Acquire and release the GEM object's reservation lock around vmap and vunmap operations. The tests use vmaplocked, which led to errors such as show below. 122.292030...

CVE-2026-43340 comedi: Reinit dev->spinlock between attachments to low-level drivers

In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev-spinlock between attachments to low-level drivers struct comedidevice is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member spinlock containing a spin-lock...

CVE-2026-43340

In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev-spinlock between attachments to low-level drivers struct comedidevice is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member spinlock containing a spin-lock...

CVE-2026-43340

Summary (CVE-2026-43340): The Linux kernel COMEDI subsystem contains a spinlock (dev->spinlock) in struct comedi_device that can be reinitialized when a COMEDI device is reattached to different low-level drivers via COMEDI_DEVCONFIG. This race can occur if multiple drivers with different lockd...

CVE-2026-43340

In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev-spinlock between attachments to low-level drivers struct comedidevice is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member spinlock containing a spin-lock...

PT-2026-38991

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the COMEDI subsystem, the struct comedi device contains a spinlock member intended for use by low-level drivers. Certain COMEDI devices can be attached to different low-level drivers...

USN-8260-1 linux-azure-fips vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

USN-8258-1 linux-azure vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

USN-8258-1: Linux kernel (Azure) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

USN-8257-1 linux-raspi vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

USN-8257-1: Linux kernel (Raspberry Pi) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

USN-8255-1: Linux kernel vulnerabilities

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. CVE-2023-2640 Shir Tamari and Sagi Tzadik...

USN-8255-1 linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-azure, linux-azure-fips, linux-fips, linux-gcp, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-realtime vulnerabilities

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. CVE-2023-2640 Shir Tamari and Sagi Tzadik...