368 matches found
CVE-2026-53160
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpcmapcreate fastrpcmaplookup returns a raw pointer after releasing fl-lock. The caller fastrpcmapcreate then calls fastrpcmapget krefgetunlesszero on this unprotected pointer. A...
CVE-2026-53161
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free of fastrpcuser in workqueue context There is a race between fastrpcdevicerelease and the workqueue that processes DSP responses. When the user closes the file descriptor, fastrpcdevicerelease fre...
CVE-2026-53161
CVE-2026-53161 : The Linux kernel fastrpc subsystem has a race between fastrpc_device_release() and the workqueue that processes DSP responses. When the user closes the file descriptor, the kernel frees the fastrpc_user while an in-flight DSP invocation may complete and schedule context cleanup. ...
EUVD-2026-39251
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpcmapcreate fastrpcmaplookup returns a raw pointer after releasing fl-lock. The caller fastrpcmapcreate then calls fastrpcmapget krefgetunlesszero on this unprotected pointer. A...
EUVD-2026-39252
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free of fastrpcuser in workqueue context There is a race between fastrpcdevicerelease and the workqueue that processes DSP responses. When the user closes the file descriptor, fastrpcdevicerelease fre...
CVE-2026-53160
In CVE-2026-53160, the Linux kernel misc: fastrpc subsystem had a use-after-free race in fastrpc_map_create. Specifically, fastrpc_map_lookup returned a raw pointer after releasing fl->lock, and the caller then invoked fastrpc_map_get (kref_get_unless_zero) on that unprotected pointer. A concu...
CVE-2026-53159
The CVE-2026-53159 entry describes a Linux kernel vulnerability in the fastrpc path where fastrpc_get_args() uses find_vma() to locate the VMA for a user pointer and compute a DMA address offset. If the address lies in a gap before the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows...
EUVD-2026-39250
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to findvma misuse fastrpcgetargs uses findvma to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA,...
EUVD-2026-39249
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix NULL pointer dereference in rpmsg callback A NULL pointer dereference was observed on Hawi at boot when the DSP sends a glink message before fastrpcrpmsgprobe has completed initialization: Unable to handle kern...
CVE-2026-53158
The CVE-2026-53158 issue affects the Linux kernel’s fastrpc rpmsg path. A NULL pointer dereference could occur at boot when a DSP glink message arrives before fastrpc_rpmsg_probe() has finished initialization, causing a crash from an uninitialized spinlock on the fastrpc_channel_ctx. The root cau...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fixed a use-after-free race condition for maps It is possible that before fastrpcfreemap is called, another thread may call fastrpcmaplookup and obtain a reference to a map that is about to be deleted. The function...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: -misc: fastrpc: fix memory corruption on probe A missing sanity check has been added to the count of probed sessions, to prevent memory corruption beyond the fixed-size slab-alocated session array when there are more than...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: misc: fastrpc: Do not remove the map from createprocess and devicerelease. Do not remove the map from the list during the error handling in fastrpcinitcreateprocess. Instead, call fastrpcmapput to avoid a use-after-free...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix the dmabuf object leak in fastrpcmaplookup In fastrpcmaplookup, the dmabufget function is called to obtain a reference to the dmabuf object for comparison purposes. However, this reference is never released whe...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on open The overflow check in the probe session-duplication function increased the session count, even when there were no more available sessions. This could lead to corruption of memory beyon...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx-remoteheap The function fastrpcinitcreatestaticprocess may free the memory allocated to cctx-remoteheap during the errmap path, but does not clear the pointer pointing to that memory...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: avoid double fput on failed usercopy If the copy back to userland fails for the FASTRPCIOCTLALLOCDMABUFF ioctl, we should not assume that ‘buf-dmabuf’ is still valid. In fact, dmabuffd calls fdinstall before, there...
SUSE CVE-2026-31730
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx-remoteheap fastrpcinitcreatestaticprocess may free cctx-remoteheap on the errmap path but does not clear the pointer. Later, fastrpcrpmsgremove frees cctx-remoteheap again if it is...
Linux Distros Unpatched Vulnerability : CVE-2026-31730
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - misc: fastrpc: possible double-free of cctx-remoteheap fastrpcinitcreatestaticprocess may free cctx-remoteheap on the errmap path but does not clear the pointer...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel through version 5.11.6. The fastrpcinternalinvoke function in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, also known as CID-20c40794eb85. This is a related issue to CVE-2019-2308...