Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fixed the kernel panic by avoiding access to unallocated eeprom.data The MT7921 driver no longer uses eeprom.data, but the relevant code has not been completely removed since the commit 16d98b548365 “mt76: mt7921:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Length parity checks were performed before switching to 16-bit mode. The commit fc96ec826bce “spi: fsl-cpm: Use 16-bit mode for large transfers with even size” failed to ensure that the size of the data transfer was...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ath5k: The OOB issue in ath5keepromreadpcalinfo5111 has been fixed. The bug was discovered during fuzzing. The stack trace indicates that the issue lies in ath5keepromconvertpcalinfo5111. When no curve is selected in the loop, th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Ice: The operation copy last block was omitted in icegetmoduleeeprom. icegetmoduleeeprom is broken since the commit e9c9692c8a81 “Ice: Reimplement module reads used by ethtool”. In this refactoring, icegetmoduleeeprom reads the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: lan743x: The EEPROM and OTP sizes for PCI1xxxx devices have been modified. The maximum OTP and EEPROM sizes for PCI1xxxx devices are 8 Kb and 64 Kb respectively. The maximum size definitions have been adjusted, and the corre...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Octeontx2-af: Added proper checks for fwdata. Firmware populates the MAC address, link modes supported, advertised, and EEPROM data in the shared firmware structure. Kernel access is via the MAC block CGX/RPM. Accessing fwdata...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ethtool: eeprom: fixed the null-dereference on genlinfo in the dump. A similar fix, as described in commit 46cdedf2a0fa “ethtool: pse-pd: fixed the null-dereference on genlinfo in the dump”, is also required for ethtool eeprom...

SUSE CVE-2025-71293

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/ras: Move ras data alloc before bad page check In the rare event if eeprom has only invalid address entries, allocation is skipped, this causes following NULL pointer issue 547.103445 BUG: kernel NULL pointer...

CVE-2025-71293

A flaw was found in the Linux kernel's AMD GPU amdgpu driver. This vulnerability occurs when the EEPROM Electrically Erasable Programmable Read-Only Memory contains only invalid address entries, causing a critical data allocation to be skipped. This leads to a NULL pointer dereference, which can...

CVE-2025-71293

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/ras: Move ras data alloc before bad page check In the rare event if eeprom has only invalid address entries, allocation is skipped, this causes following NULL pointer issue 547.103445 BUG: kernel NULL pointer...

CVE-2025-71293

CVE-2025-71293 concerns the Linux kernel amdgpu ras issue where, if eeprom contained only invalid addresses, allocation could be skipped and lead to a NULL pointer dereference when reading bad pages. The fix moves the ras data allocation before the bad-page check, resolving a NULL pointer derefer...

CVE-2025-71293 drm/amdgpu/ras: Move ras data alloc before bad page check

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/ras: Move ras data alloc before bad page check In the rare event if eeprom has only invalid address entries, allocation is skipped, this causes following NULL pointer issue 547.103445 BUG: kernel NULL pointer...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: eeprom: ee1004 – limits the number of bytes that can be read from I2C to I2CSMBUSBLOCKMAX. The commit effa453168a7 “i2c: i801: Do not silently correct invalid transfer size” revealed that ee1004eepromread does not properly limit...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007004)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007004 advisory. In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem devi...

CLSA-2026-1775745943 kernel: Fix of 5 CVEs

net/sched: schhfsc: upgrade 'rt' to 'sc' when it becomes a inner curve CVE-2023-4623 - net/sched: Enforce that teql can only be used as root qdisc CVE-2026-23074 - ALSA: usb-audio: Fix use-after-free in sndusbmixerfree CVE-2026-23089 - atm: atmtcp: Prevent arbitrary write in atmtcprecvcontrol...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006815)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006815 advisory. In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem devi...

Oracle Linux 7 : kernel (ELSA-2026-3685)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3685 advisory. - ext4: fix use-after-free in ext4orphancleanup CVE-2022-50673 Orabug: 39036029 - Squashfs: check return result of sbminblocksize CVE-2025-38415 Orabug...

SUSE CVE-2026-23070

In the Linux kernel, the following vulnerability has been resolved: Octeontx2-af: Add proper checks for fwdata firmware populates MAC address, link modes supported, advertised and EEPROM data in shared firmware structure which kernel access via MAC blockCGX/RPM. Accessing fwdata, on boards booted...

CVE-2026-23070

In the Linux kernel, the following vulnerability has been resolved: Octeontx2-af: Add proper checks for fwdata firmware populates MAC address, link modes supported, advertised and EEPROM data in shared firmware structure which kernel access via MAC blockCGX/RPM. Accessing fwdata, on boards booted...

CVE-2026-23070

CVE-2026-23070 is an in-kernel issue affecting the Linux kernel (noted in Debian/SUSE advisories) related to Octeontx2-af hardware. The vulnerability stems from missing/insufficient checks for fwdata in the shared firmware structure accessed by the MAC block (CGX/RPM). On boards booted without MA...