EUVD-2026-39256

In the Linux kernel, the following vulnerability has been resolved: iomap: avoid potential null folio-mapping deref during error reporting When a buffered read fails, iomapfinishfolioread reports the error with fserrorreportiofolio-mapping-host, .... This is called after ifs-readbytespending has...

CVE-2026-53133

The CVE-2026-53133 issue affects the Linux kernel RDMA/umem path where, when IOMMU is used, a single very large block can be split across multiple SG entries. During reassembly in __rdma_block_iter_next(), 32-bit stack values can overflow, leading to incorrect DMA addresses for blocks after trunc...

CVE-2026-53124

A flaw was found in the ublk subsystem of the Linux kernel. When a ublk server fails to complete all I/O input/output operations, a per-I/O cancellation flag may remain set. This prevents the successful cancellation of outstanding I/O commands, potentially leading to resource exhaustion or a deni...

CVE-2026-53123

A flaw was found in the Linux kernel's Multiple Device MD driver, specifically within the raid456 reshape functionality. A local user could trigger a deadlock by freezing the reshape process and writing to the md/suspendlo or md/suspendhi files while direct I/O operations are in progress. This...

CVE-2026-56129

Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...

EUVD-2026-38991

In the Linux kernel, the following vulnerability has been resolved: md: wake raid456 reshape waiters before suspend During raid456 reshape, direct IO across the reshape position can sleep in raid5makerequest waiting for reshape progress while still holding an activeio reference. If userspace then...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: Fixed races between hole punching and AIO+DIO. After the commit “ocfs2: return real error code in ocfs2diowrgetblock”, fstests/generic/300 now sometimes fail instead of always failing...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: The IOWQBITEXIT check is performed within the work run loop. Currently, this check is performed before running the pending work. Normally, this is completely fine, as the work items either end up blocking other tas...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: genirq/msi: The IOMMU IOVA is now stored directly in the msidesc, rather than in the iommucookie. The process of translating MSI message addresses using IOMMU involved two steps, separated in time: 1 iommudmapreparemsi: A pointer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: A overflow issue was identified in IOMMUTESTOPADDRESERVED. syzkaller discovered that this could lead to an overflow in the test infrastructure and cause a WARN message by corrupting the reserved interval tree...

Astra Linux - Vulnerability in Golang-1.19

On Unix platforms, the Go runtime behaves differently when a binary is run with the setuid/setgid bits enabled. This can be dangerous in certain situations, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standa...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Firmware: qcom: uefisecapp: Fixed memory-related IO errors and crashes. It turns out that while the QSEECOM APPSEND command has specific fields for the request and response buffers, uefisecapp expects both to be in a single memor...

CVE-2026-54533 vantage6 node has an Improper Access Control issue

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and restrict the algorithm containers that are allowed to...

CVE-2026-8049

The CVE-2026-8049 issue affects SignalRGB’s Windows kernel driver, SignalIo.sys, in versions prior to 1.3.7.0. The device object (.SignalIo) is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN, resulting in overly permissive default access. This permits any...

PT-2026-49095

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

Xen: x86 HVM I/O Port List Traversal (XSA-491)

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

kernel: iommu: disable SVA when CONFIG_X86 is set

A security vulnerability was found in the Linux kernel's IOMMU Shared Virtual Addressing SVA implementation on x86 architecture. When SVA is enabled, the IOMMU caches kernel page table entries. Since the kernel lacks a mechanism to notify the IOMMU when kernel page table pages are freed and...

CVE-2026-45782

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-2336)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : iommu/sva: invalidate stale IOTLB entries for kernel address spaceCVE-2025-71202 iommu: disable SVA when CONFIGX86 is setCVE-2025-71089 tls: Fix...

CVE-2025-54509

Improper access control for register interface in the input-output memory management unit IOMMU could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor ASP potentially resulting in loss of integrity...