Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fixed a possible NULL pointer dereferencing caused by driver concurrency. In dwc2hcdurbenqueue, the statement “urb-hcpriv = NULL” is executed without holding the lock “hsotg-lock”. In dwc2hcdurbdequeue: c...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driver for Tegra194, where random system crashes have been observed 0. The problem occurs when the split header...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: perf/dwcpcie: fixed duplicate PCIDEV devices. During the platformdeviceregister function, the incorrect use of structdevice as platformdata resulted in a kmemdup operation on the PCIDEV device. Even worse, accessing the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Bail out from dwc3gadgetexit if dwc-gadget is NULL. There exists a possible scenario in which dwc3gadgetinit may fail: during the switch between peripheral and host modes in dwc3setmode, and if a pending gadget...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ata: satadwc460ex: Fixed a crash that occurred due to out-of-bounds writing. The driver utilizes the “tag” values from various arrays provided by libata. Since the mentioned patch increased ATATAGINTERNAL to 32, the value of...

CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dwpcieepraisemsixirq to raise an MSI-X interrupt to the host using a writel, which generates a PCI posted write transaction. There's no completio...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005804)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005804 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix potential memory leak Function dwc3qcomprobe allocates memory for resource...

Linux Distros Unpatched Vulnerability : CVE-2025-71200

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52M...

CVE-2025-71200 mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller...

Azure Linux 3.0 Security Update: kernel (CVE-2024-56719)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56719 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causi...

PT-2026-27726

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the PCI subsystem, specifically within the dwc endpoint driver. The issue relates to a race condition when handling MSI-X interrupts. Endpoint drivers...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990509)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990509 advisory. In the Linux kernel, the following vulnerability has been resolved: ata: satadwc460ex: Fix crash due to OOB write the driver uses libata's tag values from in various...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988867)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988867 advisory. In the Linux kernel, the following vulnerability has been resolved: ata: satadwc460ex: Fix crash due to OOB write the driver uses libata's tag values from in various...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989722)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989722 advisory. In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989375)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989375 advisory. In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the...

usb: dwc3: host: Stop setting the ACPI companion

...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987579)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987579 advisory. In the Linux kernel, the following vulnerability has been resolved: ata: satadwc460ex: Fix crash due to OOB write the driver uses libata's tag values from in various...

UBUNTU-CVE-2022-50146

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dwpcieepinit errors If dwpcieepinit fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory...

The vulnerability of the SATA_DWC_QCMD_MAX() function in the Linux kernel driver/ata/sata_dwc_460ex.c file allows a hacker to cause a service failure.

The vulnerability of the SATADWCQCMDMAX function in the Linux kernel’s drivers/ata/satadwc460ex.c file is related to read errors outside of the allowed range. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2025-37746

In the Linux kernel, the following vulnerability has been resolved: perf/dwcpcie: fix duplicate pcidev devices During platformdeviceregister, wrongly using struct device pcidev as platformdata caused a kmemdup copy of pcidev. Worse still, accessing the duplicated device leads to list corruption a...