
25 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - vulnerability in linux-5.10, linux

An issue was discovered in the Linux kernel through version 5.16-rc6. The function netvsc_get_ethtool_stats in the drivers/net/hyperv/netvsc_drv.c file lacks a check on the return value of kvmalloc_array, which can lead to a null pointer dereference...

CVSS 5.5, AI score 6.7, EPSS 0.00214
Exploits: 0, References: 2

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats. Calling page_pool_get_stats in the mvneta driver without proper checks leads to kernel crashes. The page pool is only available if the bm is not used. The page pool is also not allocated wh...

CVSS 5.5, AI score 5.2, EPSS 0.00235
Exploits: 0, References: 2

SUSE CVE
added 2026/04/23 1:25 a.m., 7 views

SUSE CVE-2026-31505

In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats. iavf incorrectly uses real_num_tx_queues for ETH_SS_STATS. Since the value could change in runtime, we should use num_tx_queues instead. Moreover iavf_get_ethtool_stats uses...

CVSS 7, AI score 5.8, EPSS 0.00129
Exploits: 0, References: 20

RedhatCVE
added 2026/04/22 7:20 p.m., 4 views

CVE-2026-31494

A flaw was found in the Linux kernel's macb network driver. A local user can exploit this vulnerability due to an out-of-bounds write in the gem_get_ethtool_stats function. This occurs when the driver incorrectly copies data using the maximum number of queues instead of the active number, leading to...

CVSS 7.8, AI score 5.7, EPSS 0.00129
Exploits: 0, References: 4

EUVD
added 2026/04/22 3:31 p.m., 5 views

EUVD-2026-24864

In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue number for stats. There's a potential mismatch between the memory reserved for statistics and the amount of memory written. gem_get_sset_count correctly computes the number of stats based on the activ...

AI score 5.6, EPSS 0.00129
Exploits: 0, References: 9

NVD
added 2026/04/22 2:16 p.m., 4 views

CVE-2026-31494

In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue number for stats. There's a potential mismatch between the memory reserved for statistics and the amount of memory written. gem_get_sset_count correctly computes the number of stats based on the activ...

CVSS 7.8, EPSS 0.00129
Exploits: 0, References: 8

CVE
added 2026/04/22 1:54 p.m., 17 views

CVE-2026-31505

The CVE-2026-31505 issue affects the Linux kernel iavf driver: out-of-bounds writes occur because iavf_get_ethtool_stats() uses real_num_tx_queues for ETH_SS_STATS while other paths use num_tx_queues, enabling memory corruption when ethtool -L and ethtool -S run concurrently. The fix is to use im...

CVSS 7.8, AI score 5.8, EPSS 0.00129
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2026/04/22 1:54 p.m., 29 views

CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()

In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats. iavf incorrectly uses real_num_tx_queues for ETH_SS_STATS. Since the value could change in runtime, we should use num_tx_queues instead. Moreover iavf_get_ethtool_stats uses...

CVSS 7.8, EPSS 0.00129
Exploits: 0, References: 4

CVE
added 2026/04/22 1:54 p.m., 14 views

CVE-2026-31494

Technical details for CVE-2026-31494 are not publicly provided in the supplied documents; monitor for updates.

CVSS 7.8, AI score 5.6, EPSS 0.00129
Exploits: 0, References: 8, Affected Software: 1

Positive Technologies
added 2026/04/22 12:00 a.m., 4 views

PT-2026-34399

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A mismatch exists between the memory reserved for statistics and the amount of memory written in the macb network driver. The function gem_get_sset_count calculates the number of...

CVSS 7.8, AI score 5.3, EPSS 0.00129
Exploits: 0, References: 20

Positive Technologies
added 2026/04/22 12:00 a.m., 5 views

PT-2026-34410

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the iavf driver where the iavf_get_ethtool_stats function incorrectly uses the num_active_queues variable, while iavf_get_sset_count and iavf_get_stat_strings use real...

CVSS 7.8, AI score 5.2, EPSS 0.00378
Exploits: 0, References: 116

CNNVD
added 2026/04/22 12:00 a.m., 7 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iavf_get_ethtool_stats function using real_num_tx_queues, leading to out-of-bounds writes. This...

CVSS 7.8, AI score 7, EPSS 0.00129
Exploits: 0, References: 1

Tenable Nessus
added 2026/04/22 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-31494

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: macb: use the current queue number for stats There's a potential mismatch between the memory reserved for statistics and the amount of memory written...

CVSS 7.8, AI score 5.8, EPSS 0.00129
Exploits: 0, References: 2

UbuntuCve
added 2026/01/13 4:16 p.m., 4 views

CVE-2025-68795

In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing userspace buffer on stats query. The ethtool -S command operates across three ioctl calls: ETHTOOL_GSSET_INFO for the size, ETHTOOL_GSTRINGS for the names, and ETHTOOL_GSTATS for the values. If the number of...

AI score 6.2, EPSS 0.00191
Exploits: 0, References: 36

CVE
added 2026/01/13 3:29 p.m., 14 views

CVE-2025-68795

The CVE-2025-68795 issue affects Linux kernel ethtool statistics queries. If the number of stats changes between the three ioctl calls (ETHTOOL_GSSET_INFO, ETHTOOL_GSTRINGS, ETHTOOL_GSTATS), userspace buffers may overflow. Some drivers (e.g., mlx5, bnx2x, bna, ksz884x) use dynamic counters, creat...

AI score 6.6, EPSS 0.00191
Exploits: 0, References: 7

Tenable Nessus
added 2025/10/07 12:00 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414349)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414349 advisory. An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_arra...

CVSS 5.5, AI score 6.6, EPSS 0.00214
Exploits: 0, References: 3

BDU FSTEC
added 2024/10/04 12:00 a.m., 5 views

The vulnerability of the gve_get_ethtool_stats() function in the Linux operating system’s Google kernel virtual network adapter driver allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the gve_get_ethtool_stats function in the drivers/net/ethernet/google/gve/gve_ethtool.c file of the Linux kernel’s virtual network adapter driver is related to incorrect data validation. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

CVSS 7, AI score 5.8, EPSS 0.00195
Exploits: 0, References: 9, Affected Software: 4

OSV
added 2024/02/27 7:04 p.m., 2 views

CVE-2021-46947

In the Linux kernel, the following vulnerability has been resolved: sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues. efx->xdp_tx_queue_count is initially initialized to num_possible_cpus and is later used to allocate and traverse efx->xdp_tx_queues lookup array. However, we may e...

CVSS 5.5, AI score 5.6
Exploits: 0, References: 2

OSV
added 2024/02/27 7:04 p.m., 3 views

UBUNTU-CVE-2021-46947

In the Linux kernel, the following vulnerability has been resolved: sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues. efx->xdp_tx_queue_count is initially initialized to num_possible_cpus and is later used to allocate and traverse efx->xdp_tx_queues lookup array. However, we may e...

CVSS 5.5, AI score 5.7, EPSS 0.00193
Exploits: 0, References: 5

SUSE CVE
added 2023/02/15 3:31 a.m., 2 views

SUSE CVE-2022-3107

An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array and will cause the null pointer dereference...

CVSS 5.5, AI score 6.5, EPSS 0.00214
Exploits: 0, References: 19