Astra Linux – Vulnerability in Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: fec: removed .ndopollcontroller to avoid deadlocks. A deadlock issue was found in the sungem driver. Please refer to the commit ac0a230f719b “eth: sungem: removed .ndopollcontroller to avoid deadlocks”. The root cause of the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: fec: Use pagepoolputfullpage when freeing RX buffers The pagepoolreleasepage function was used when freeing RX buffers. This function simply unmaps the page if it was mapped and does not recycle the page. As a result, after...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: fec: handle pagepooldevallocpages error The fecenetupdatecbd function calls pagepooldevallocpages, but it does not handle the case where NULL is returned. A WARNON!newpage message is generated, but the program still proceeds...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005614)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005614 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fec: Better handle pmruntimeget failing in .remove In the unlikely event that pmruntimeget...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21676)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21676 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: fec: handle pagepooldevallocpages...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: fec: A potential issue related to NPD has been fixed in fecenetPhyResetAfterclkEnable. The function phyfinddevice may return NULL. Therefore, we need to be careful when dereferencing phydev...

EUVD-2025-2625

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-39876

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: fec: Fix possible NPD in fecenetphyresetafterclkenable The function ofphyfinddevice may return NULL, so we need to take care before dereferencing phydev...

SUSE CVE-2025-39876

In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fecenetphyresetafterclkenable The function ofphyfinddevice may return NULL, so we need to take care before dereferencing phydev...

AZL-67659 CVE-2025-39876 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fecenetphyresetafterclkenable The function ofphyfinddevice may return NULL, so we need to take care before dereferencing phydev...

Linux Distros Unpatched Vulnerability : CVE-2023-53308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: fec: Better handle pmruntimeget failing in .remove In the unlikely event that pmruntimeget disguised as pmruntimeresumeandget fails, the remove callback...

CVE-2023-53308

In the Linux kernel, the following vulnerability has been resolved: net: fec: Better handle pmruntimeget failing in .remove In the unlikely event that pmruntimeget disguised as pmruntimeresumeandget fails, the remove callback returned an error early. The problem with this is that the driver core...

CVE-2023-53308

The CVE-2023-53308 issue is in the Linux kernel net: fec driver handling of pm_runtime_get() failures during removal. When pm_runtime_get() (as pm_runtime_resume_and_get()) fails, the remove callback may return an error, but the driver core ignores it and continues removing the device, causing a ...

DEBIAN-CVE-2023-52998

In the Linux kernel, the following vulnerability has been resolved: net: fec: Use pagepoolputfullpage when freeing rx buffers The pagepoolreleasepage was used when freeing rx buffers, and this function just unmaps the page if mapped and does not recycle the page. So after hundreds of down/up the...

UBUNTU-CVE-2023-52998

In the Linux kernel, the following vulnerability has been resolved: net: fec: Use pagepoolputfullpage when freeing rx buffers The pagepoolreleasepage was used when freeing rx buffers, and this function just unmaps the page if mapped and does not recycle the page. So after hundreds of down/up the...

CVE-2023-52998

CVE-2023-52998 — In the Linux kernel’s fec driver, freeing RX buffers used page_pool_release_page, which unmaps but doesn’t recycle pages, enabling memory exhaustion after repeated eth0 up/down. A fix replaces it with page_pool_put_full_page, recycling the page when refcnt == 1. The vulnerability...

CVE-2023-52985

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: imx8mm-verdin: Do not power down eth-phy Currently if suspending using either freeze or memory state, the fec driver tries to power down the phy which leads to crash of the kernel and non-responsible kernel with the...

Linux Distros Unpatched Vulnerability : CVE-2025-21676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: fec: handle pagepooldevallocpages error The fecenetupdatecbd function calls...

CLSA-2025-1738958068 Fix of 49 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-38553/CVE-2024-38597 - netpoll: make ndopollcontroller optional - bonding: use netpollpolldev helper - netpoll: do not test NAPISTATESCHED in pollonenapi CVE-url: https://ubuntu.com/security/CVE-2024-38597 - eth: sungem: remove .ndopollcontroller to...

SUSE CVE-2025-21676

In the Linux kernel, the following vulnerability has been resolved: net: fec: handle pagepooldevallocpages error The fecenetupdatecbd function calls pagepooldevallocpages but did not handle the case when it returned NULL. There was a WARNON!newpage but it would still proceed to use the NULL point...