Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: exec: Fix for the issue involving the comparison between permission checks and setuid/gid usage When opening a file for execution using dofilpopen, permission checks are performed based on the file’s metadata at that moment. If t...

CLSA-2026-1778933429 Fix CVE(s): CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992

SECURITY UPDATE: drop usage of Module::ScanDeps to prevent LPE - debian/patches/CVE-2024-11003.patch: drop usage of Module::ScanDeps to prevent LPE - CVE-2024-11003 SECURITY UPDATE: do not set PYTHONPATH environment variable to prevent a LPE - debian/patches/CVE-2024-48990.patch: do not set...

futex: Don't leak robust_list pointer on exec race

...

SUSE CVE-2025-40341

In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robustlist pointer on exec race sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check if the calling task is allowed to access another task's robustlist pointer. This check is racy against a...

CVE-2025-40341

In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robustlist pointer on exec race sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check if the calling task is allowed to access another task's robustlist pointer. This check is racy against a...

CVE-2025-40341

In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robustlist pointer on exec race sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check if the calling task is allowed to access another task's robustlist pointer. This check is racy against a...

CVE-2025-40341 futex: Don't leak robust_list pointer on exec race

In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robustlist pointer on exec race sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check if the calling task is allowed to access another task's robustlist pointer. This check is racy against a...

CVE-2025-40341

In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robustlist pointer on exec race sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check if the calling task is allowed to access another task's robustlist pointer. This check is racy against a...

CVE-2025-40341 futex: Don't leak robust_list pointer on exec race

In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robustlist pointer on exec race sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check if the calling task is allowed to access another task's robustlist pointer. This check is racy against a...

Linux Distros Unpatched Vulnerability : CVE-2025-40341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - futex: Don't leak robustlist pointer on exec race sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check if the calling task is allowed to access...

CVE-2025-40201

CVE-2025-40201: Linux kernel vulnerability in sys_prlimit64() handling of task_lock(tsk->group_leader). The issue stems from racing when tsk is not current or not a leader, where task_lock(tsk->group_leader) may reference an already freed task_struct. It can also race with mt-exec changing ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990489)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990489 advisory. In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986480)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986480 advisory. In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via...

CVE-2025-22029

...

CLSA-2024-1728297376 kernel: Fix of 13 CVEs

btrfs: fix use-after-free after failure to create a snapshot CVE-2022-48733 - hwmon: nct6775-core Fix underflows seen when writing limit attributes CVE-2024-46757 - wifi: mac80211: Avoid address calculations via out of bounds array indexing CVE-2024-41071 - netfilter: conntrack: dccp: copy entire...

AZL-48495 CVE-2024-43882 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

kernel security and bug fix update

2.6.9-78.0.8.0.1.EL - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with...