Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: watch_queue: Fixed NULL dereference in error cleanup. In watch_queue_set_size(), the error cleanup code does not take into account that __free_page() cannot handle a NULL pointer when trying to free buffer pages that have been allocated. Th...
CVE-2026-46322
In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb failure in tun_xdp_one(). When build_skb() fails in tun_xdp_one(), the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that vhost_net_build_xdp() allocated for the frame. ...
UBUNTU-CVE-2026-46320
In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tap_get_user_xdp(). tap_get_user_xdp() rejects a frame shorter than ETH_HLEN with -EINVAL, and returns -ENOMEM when build_skb() fails. Both paths jump to the err label without freeing the page that...
CVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one()
In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb failure in tun_xdp_one(). When build_skb() fails in tun_xdp_one(), the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that vhost_net_build_xdp() allocated for the frame. ...
CVE-2026-46322
In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb failure in tun_xdp_one(). When build_skb() fails in tun_xdp_one(), the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that vhost_net_build_xdp() allocated for the frame. ...
CVE-2026-46320 tap: free page on error paths in tap_get_user_xdp()
In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tap_get_user_xdp(). tap_get_user_xdp() rejects a frame shorter than ETH_HLEN with -EINVAL, and returns -ENOMEM when build_skb() fails. Both paths jump to the err label without freeing the page that...
EUVD-2026-35410
In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tap_get_user_xdp(). tap_get_user_xdp() rejects a frame shorter than ETH_HLEN with -EINVAL, and returns -ENOMEM when build_skb() fails. Both paths jump to the err label without freeing the page that...
PT-2026-47757
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak occurs in the tap_get_user_xdp function. When a frame is shorter than ETH_HLEN, the function returns -EINVAL; similarly, it returns -ENOMEM if build_skb fails. In both...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rust_binder: The spin_lock() call in rust_shrink_free_page() has been removed. When porting Rust Binder to version 6.18, I overlooked including the commit fb56fdf8b9a2 “mm/list_lru: split the lock to per-cgroup scope” in the consideration...
CVE-2025-71181
In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page(). When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/list_lru: split the lock to per-cgroup scope" into account, and apparently I did not end up...
CVE-2025-71181
In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page(). When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/list_lru: split the lock to per-cgroup scope" into account, and apparently I did not end up...
CVE-2025-71181
In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page(). When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/list_lru: split the lock to per-cgroup scope" into account, and apparently I did not end up...
CVE-2025-71181 rust_binder: remove spin_lock() in rust_shrink_free_page()
In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page(). When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/list_lru: split the lock to per-cgroup scope" into account, and apparently I did not end up...
CVE-2025-71181 rust_binder: remove spin_lock() in rust_shrink_free_page()
In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page(). When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/list_lru: split the lock to per-cgroup scope" into account, and apparently I did not end up...
PT-2026-5507
In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page(). When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/list_lru: split the lock to per-cgroup scope" into account, and apparently I did not end...
Linux Kernel Security Vulnerabilities
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of removal of the spinlock in the rust_shrink_free_page function. This issue may lead to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004335)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004335 advisory. In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000386)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000386 advisory. In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with...
CVE-2025-68253
In the Linux kernel, the following vulnerability has been resolved: mm: don't spin in add_stack_record when gfp flags don't allow. syzbot was able to find the following path: add_stack_record_to_list mm/page_owner.c:182 inline inc_stack_record_count mm/page_owner.c:214 inline __set_page_owner+0x2c3/0x4a0...
EUVD-2022-54678
In the Linux kernel, the following vulnerability has been resolved: zsmalloc: fix races between asynchronous zspage free and page migration The asynchronous zspage free worker tries to lock a zspage's entire page list without defending against page migration. Since pages which haven't yet been...