Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: octeontx2-af: Added validation before accessing cgx and lmac. With the addition of new MAC blocks such as CN10K RPM and CN10KB RPMUSX, LMACs are noncontiguous, and CGX blocks are also noncontiguous. However, during the RVU...

CVE-2023-54220

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix oops for port-pm on uartchangepm Unloading a hardware specific 8250 driver can produce error "Unable to handle kernel paging request at virtual address" about ten seconds after unloading the driver. This happens...

CVE-2022-50637 cpufreq: qcom-hw: Fix memory leak in qcom_cpufreq_hw_read_lut()

In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom-hw: Fix memory leak in qcomcpufreqhwreadlut If "cpudev" fails to get opp table in qcomcpufreqhwreadlut, the program will return, resulting in "table" resource is not released...

EUVD-2025-26096

Malicious code in bioql PyPI...

CVE-2025-39821 perf: Avoid undefined behavior from stopping/starting inactive events

In the Linux kernel, the following vulnerability has been resolved: perf: Avoid undefined behavior from stopping/starting inactive events Calling pmu-start/stop on perf events in PERFEVENTSTATEOFF can leave event-hw.idx at -1. When PMU drivers later attempt to use this negative index as a shift...

CVE-2022-49835 ALSA: hda: fix potential memleak in 'add_widget_node'

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'addwidgetnode' As 'kobjectadd' may allocated memory for 'kobject-name' when return error. And in this function, if call 'kobjectadd' failed didn't free kobject. So call 'kobjectput' to recycli...

CVE-2025-23146 mfd: ene-kb3930: Fix a potential NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: mfd: ene-kb3930: Fix a potential NULL pointer dereference The offgpios could be NULL. Add missing check in the kb3930probe. This is similar to the issue fixed in commit b1ba8bcb2d1f "backlight: hx8357: Fix potential NULL pointer...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the wfxinitcommon function not calling ieee80211freehw in error handling, which could lead to a memory leak...

UBUNTU-CVE-2024-56777

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in stigdpatomiccheck The return value of drmatomicgetcrtcstate needs to be checked. To avoid use of error pointer 'crtcstate' in case of the failure. drm/sti: avoid potential...

Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-7183-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7183-1 advisory. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type- confusion error. A physically proximate...

UBUNTU-CVE-2024-26694

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix double-free bug The storage for the TLV PC register data wasn't done like all the other storage in the drv-fw area, which is cleared at the end of deallocation. Therefore, the freeing must also be done...

kernel: char: tpm: Protect tpm_pm_suspend with locks

In the Linux kernel, the following vulnerability has been resolved: char: tpm: Protect tpmpmsuspend with locks Currently tpm transactions are executed unconditionally in tpmpmsuspend function, which may lead to races with other tpm accessors in the system. Specifically, the hwrandom tpm driver...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux Kernel, which originates in the cpufreq subsystem in drivers/cpufreq/qcom-cpufreq-hw.c causes a double release issue durin...

kernel: perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in hswephaslimitsbox pcigetdevice will increase the reference count for the returned 'dev'. We need to call pcidevput to decrease the reference count. Since 'dev' is only used in...

DEBIAN-CVE-2023-1855

A use-after-free flaw was found in xgenehwmonremove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver xgene-hwmon. This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem...

CVE-2023-20559

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges...

The vulnerability of the interface_release_resource function in the QEMU hardware emulation driver, located in hw/display/qxl.c, relates to the assignment of a null pointer. This allows an attacker to trigger a service failure.

The vulnerability of the interfacereleaseresource function in the QEMU hardware emulation driver hw/display/qxl.c is related to the assignment of a null pointer to the ext.info object. Exploiting this vulnerability allows an attacker to cause a service failure remotely...

The vulnerability of the hardware abstraction driver of the software tool for determining processor characteristics allows attackers to exploit their privileges, disclose sensitive information, or cause service failures.

The vulnerability of the software-based hardware abstraction driver for the Intel Processor Identification Utility is related to access control deficiencies. Exploiting this vulnerability can allow attackers to enhance their privileges, disclose sensitive information, or cause service failures...

CVE-2019-11163

Insufficient access control in a hardware abstraction driver for IntelR Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access...

Privilege escalation

Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access...