Astra Linux - уязвимость в linux-5.10, linux

A issue was discovered in the Linux kernel through version 5.16-rc6. The function netvscgetethtoolstats in the drivers/net/hyperv/netvscdrv.c file lacks a check on the return value of kvmallocarray, which can lead to a null pointer derefrence...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to pagepoolgetstats Calling pagepoolgetstats in the mvneta driver without proper checks leads to kernel crashes. The page pool is only available if the bm is not used. The page pool is also not allocated wh...

SUSE CVE-2026-31505

In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes in iavfgetethtoolstats iavf incorrectly uses realnumtxqueues for ETHSSSTATS. Since the value could change in runtime, we should use numtxqueues instead. Moreover iavfgetethtoolstats uses...

CVE-2026-31494

A flaw was found in the Linux kernel's macb network driver. A local user can exploit this vulnerability due to an out-of-bounds write in the gemgetethtoolstats function. This occurs when the driver incorrectly copies data using the maximum number of queues instead of the active number, leading to...

EUVD-2026-24864

In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue number for stats There's a potential mismatch between the memory reserved for statistics and the amount of memory written. gemgetssetcount correctly computes the number of stats based on the activ...

CVE-2026-31494

In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue number for stats There's a potential mismatch between the memory reserved for statistics and the amount of memory written. gemgetssetcount correctly computes the number of stats based on the activ...

CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()

In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes in iavfgetethtoolstats iavf incorrectly uses realnumtxqueues for ETHSSSTATS. Since the value could change in runtime, we should use numtxqueues instead. Moreover iavfgetethtoolstats uses...

CVE-2026-31505

The CVE-2026-31505 issue affects the Linux kernel iavf driver: out-of-bounds writes occur because iavf_get_ethtool_stats() uses real_num_tx_queues for ETH_SS_STATS while other paths use num_tx_queues, enabling memory corruption when ethtool -L and ethtool -S run concurrently. The fix is to use im...

CVE-2026-31494

Technical details for CVE-2026-31494 are not publicly provided in the supplied documents; monitor for updates.

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iavfgetethtoolstats function using realnumtxqueues, leading to out-of-bounds writes. This...

Linux Distros Unpatched Vulnerability : CVE-2026-31494

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: macb: use the current queue number for stats There's a potential mismatch between the memory reserved for statistics and the amount of memory written...

PT-2026-34399

In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue number for stats There's a potential mismatch between the memory reserved for statistics and the amount of memory written. gem get sset count correctly computes the number of stats based on the...

PT-2026-34410

In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes in iavf get ethtool stats iavf incorrectly uses real num tx queues for ETH SS STATS. Since the value could change in runtime, we should use num tx queues instead. Moreover iavf get ethtool stats use...

CVE-2025-68795

In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing userspace buffer on stats query The ethtool -S command operates across three ioctl calls: ETHTOOLGSSETINFO for the size, ETHTOOLGSTRINGS for the names, and ETHTOOLGSTATS for the values. If the number of...

CVE-2025-68795

The CVE-2025-68795 issue affects Linux kernel ethtool statistics queries. If the number of stats changes between the three ioctl calls (ETHTOOL_GSSET_INFO, ETHTOOL_GSTRINGS, ETHTOOL_GSTATS), userspace buffers may overflow. Some drivers (e.g., mlx5, bnx2x, bna, ksz884x) use dynamic counters, creat...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414349)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414349 advisory. An issue was discovered in the Linux kernel through 5.16-rc6. netvscgetethtoolstats in drivers/net/hyperv/netvscdrv.c lacks check of the return value of kvmallocarra...

CVE-2021-46947

In the Linux kernel, the following vulnerability has been resolved: sfc: adjust efx-xdptxqueuecount with the real number of initialized queues efx-xdptxqueuecount is initially initialized to numpossiblecpus and is later used to allocate and traverse efx-xdptxqueues lookup array. However, we may e...

UBUNTU-CVE-2021-46947

In the Linux kernel, the following vulnerability has been resolved: sfc: adjust efx-xdptxqueuecount with the real number of initialized queues efx-xdptxqueuecount is initially initialized to numpossiblecpus and is later used to allocate and traverse efx-xdptxqueues lookup array. However, we may e...

SUSE CVE-2022-3107

An issue was discovered in the Linux kernel through 5.16-rc6. netvscgetethtoolstats in drivers/net/hyperv/netvscdrv.c lacks check of the return value of kvmallocarray and will cause the null pointer dereference...

OESA-2023-1035 kernel security update

Security Fixes: An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2CSMBUSBLOCKDATA with the ioctl I2CSMBUS with malicious input data. This flaw allows a local user to crash the system.CVE-2022-2873 An...