Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: wwan: mhi: A memory leak has been fixed in the mhimbimdellink function. The MHI driver registers the network device without setting the needsfreenetdev flag. Additionally, it does not call freenetdev when unregistering the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: mhi: Fixed a memory leak in mhinetdellink. The MHI driver registers the network device without setting the needsfreenetdev flag, and does not call freenetdev when unregistering the network device. This results in a memory...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: fddi: fixed a Use-after-Free UAF issue in fzaprobe. The fp field is private data of netdev, and it cannot be used after the freenetdev call. Using fp after freenetdev can cause a UAF bug. This issue was fixed by moving the...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: hamradio: Fixed a memory leak in mkissclose. My local syzbot instance encountered a memory leak in mkissopen1. The issue arose from the missing freenetdev call in mkissclose. In mkissopen, netdevice is allocated and then...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iavf: Fixed a use-after-free in freenetdev. We perform netifnapiadd for all allocated qvectors, but potentially also perform netifnapidel for some of them. Then, we call kfree on the qvectors, leaving invalid pointers in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Networks: WWAN: IOSM: Fixed a memory leak in ipcwwandellink. The IOSM driver registers network devices without setting the needsfreenetdev flag. Additionally, it does not call freenetdev when unregistering the network device,...

OESA-2026-2673 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: hamradio: fix memory leak in mkissclose My local syzbot instance hit memory leak in mkissopen1. The problem was in missing freenetdev in mkissclose. In...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007282)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007282 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dpaa2-eth: fix use-after-free in dpaa2ethremove Access to netdev after freenetdev will cause...

CVE-2026-23273 macvlan: observe an RCU grace period in macvlan_common_newlink() error path

In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlancommonnewlink error path valis reported that a race condition still happens after my prior patch. macvlancommonnewlink might have made @dev visible before detecting an error, and its...

SUSE CVE-2025-68312

In the Linux kernel, the following vulnerability has been resolved: usbnet: Prevents free active kevent The root cause of this issue are: 1. When probing the usbnet device, executing usbnetlinkchangedev, 0, 0; put the kevent work in global workqueue. However, the kevent has not yet been scheduled...

CVE-2025-68312

In the Linux kernel, the following vulnerability has been resolved: usbnet: Prevents free active kevent The root cause of this issue are: 1. When probing the usbnet device, executing usbnetlinkchangedev, 0, 0; put the kevent work in global workqueue. However, the kevent has not yet been scheduled...

CVE-2025-68312

In the Linux kernel, the following vulnerability has been resolved: usbnet: Prevents free active kevent The root cause of this issue are: 1. When probing the usbnet device, executing usbnetlinkchangedev, 0, 0; put the kevent work in global workqueue. However, the kevent has not yet been scheduled...

UBUNTU-CVE-2025-68312

In the Linux kernel, the following vulnerability has been resolved: usbnet: Prevents free active kevent The root cause of this issue are: 1. When probing the usbnet device, executing usbnetlinkchangedev, 0, 0; put the kevent work in global workqueue. However, the kevent has not yet been scheduled...

CVE-2025-68312

CVE-2025-68312 affects the Linux kernel usbnet subsystem. Root cause: during usbnet probing, usbnet_link_change(dev,0,0) queues a kevent on the global workqueue, which may still be active when the device is unregistered, causing a potential free of an active kevent object. The added fix cancels t...

kernel: idpf: check error for register_netdev() on init

In the Linux kernel, the following vulnerability has been resolved: idpf: check error for registernetdev on init Current init logic ignores the error code from registernetdev, which will cause WARNON on attempt to unregister it, if there was one, and there is no info for the user that the creatio...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989167)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989167 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ethernet: fix potential use-after-free in ecbhfremove static void ecbhfremovestruct pcidev...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988963)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988963 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlanremoveone priv is netdev private data and it cannot be used after...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990114)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990114 advisory. In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emacremove adpt is netdev private data and it cannot be used after...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988776)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988776 advisory. In the Linux kernel, the following vulnerability has been resolved: net: hamradio: fix memory leak in mkissclose My local syzbot instance hit memory leak in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990051)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990051 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fddi: fix UAF in fzaprobe fp is netdev private data and it cannot be used after freenetdev...