Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: s390/uv: Do not call foliowaitwriteback without a folio reference. foliowaitwriteback requires that no spinlocks are held and that a folio reference is held, as documented. After we removed the PTL, the folio object could be free...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix missing folio cleanup in writeback race path In zswapwritebackentry, after obtaining a folio from readswapcacheasync, we reacquire the tree lock to ensure that the swap entry was not invalidated or recycled. If it...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Block devices with logical block size page size will be rejected when THP is disabled. If THP is disabled and there are block devices with logical block size page size, the following nullptrderef panic occurs during boot: 13.2 mK...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iomap: fixed invalid folio access when iblkbits differs from the I/O granularity. The commit aa35ddcbc06 “iomap: fixed invalid folio access after folioendread” partially addressed invalid folio access for folios without an ifs...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/smc: fixed a warning in smcrxsplice, when calling getpage The smcloregisterdmb function allocates DMB buffers using kzalloc, which are later passed to getpage in smcrxsplice. Since kmalloc memory is not page-backed, this...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfs: Only call foliostartfscache once for each folio. If a network filesystem using netfs implements a clamplength function, it can set subrequest lengths that are smaller than the page size. When we loop through the folios in...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/memfd: Fixed an issue where information leaks occurred during the handling of hugetlb folios. When allocating hugetlb folios for memfd, three initialization steps are missing: 1. The folios are not zeroed, resulting in kern...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Block: Fix to add folio to bio. A size of 4GB for folio is possible on some ARCHs, such as aarch64. A size of 16GB for hugepage is also supported. However, the “offset” of folio cannot be stored in “unsigned int”, which causes a...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm: Use memallocnofssave in pagecacheraorder. See commit f2c817bed58d “mm: Use memallocnofssave in readahead”, ensure that pagecacheraorder does not attempt to reclaim file-backed pages too often, as this can lead to a deadlock...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fixed a use-after-free race condition in the fault handler. When a page fault occurs in a secret memory file created with memfdsecret2, the kernel will allocate a new folio for it, mark the underlying page as not...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: gfs2: Set .migratefolio in gfs2rgrp,metaaops. The warning added in 7ee3647243e5 “migrate: Remove call to -writepage” that occurs in various xfstests, causing “something found in dmesg” failures, has been resolved. 341.136573...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Fixed a deadlock involving nfsreleasefolio Wang Zhaolong reported a deadlock involving NFSv4.1 state recovery, waiting on kthreadd, which attempts to reclaim memory by calling nfsreleasefolio. The latter cannot proceed due t...

kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration

A flaw was found in the Linux kernel. A local attacker could exploit a deadlock vulnerability due to incorrect lock ordering between foliolock and immaprwsem when migrating hugetlb file-backed folios. This could lead to hung tasks and potential system-wide stalls, resulting in a Denial of Service...

-cybersec-bad-folio

cy...

Linux Distros Unpatched Vulnerability : CVE-2026-46277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/zonedevice: do not touch device folio after calling -foliofree The contents of a device folio can immediately change after calling -foliofree, as the folio m...

SUSE CVE-2026-46277

In the Linux kernel, the following vulnerability has been resolved: mm/zonedevice: do not touch device folio after calling -foliofree The contents of a device folio can immediately change after calling -foliofree, as the folio may be reallocated by a driver with a different order. Instead of...

CVE-2026-46277

A flaw was found in the Linux kernel's memory management, specifically within the mm/zonedevice component. This vulnerability arises when a device folio is accessed after it has been freed and potentially reallocated by a driver. This can lead to memory corruption, which a local attacker could...

CVE-2026-46277

In the Linux kernel, the following vulnerability has been resolved: mm/zonedevice: do not touch device folio after calling -foliofree The contents of a device folio can immediately change after calling -foliofree, as the folio may be reallocated by a driver with a different order. Instead of...

UBUNTU-CVE-2026-46277

In the Linux kernel, the following vulnerability has been resolved: mm/zonedevice: do not touch device folio after calling -foliofree The contents of a device folio can immediately change after calling -foliofree, as the folio may be reallocated by a driver with a different order. Instead of...

CVE-2026-46277

In the Linux kernel, the following vulnerability has been resolved: mm/zonedevice: do not touch device folio after calling -foliofree The contents of a device folio can immediately change after calling -foliofree, as the folio may be reallocated by a driver with a different order. Instead of...