Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: Fixed the signedness in the thislen calculation. When importing and using buffers, buf-len is considered unsigned. However, buf-len is converted to a signed integer during commit operations. This can lead to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: fixed the omission of the NOWAIT check for ODIRECT write operations. When iouring initiates a write operation, it calls kiocbstartwrite, which triggers the super block rwsem. This prevents any freezes from occurring...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: The ctx-uringlock lock is acquired around the iouringshowfdinfo function. Not everything requires locking, which is why the haslock variable exists. However, enough cases require locking, making it somewhat unwiel...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring: The bounds check for the physical SQE index in SQEMIXED 128-byte operations has been fixed. When IORINGSETUPSQEMIXED is used without IORINGSETUPNOSQARRAY, the boundary check for 128-byte SQE operations in ioinitreq...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel before version 5.17.3, fs/iouring.c contains a use-after-free issue due to a race condition related to iouring timeouts. This issue can be triggered by a local user who does not have access to any user namespace. However, the race condition may only be exploited infrequently...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iouring: Lock overflow for IOPOLL. syzbot reports an issue with overflow during IOPOLL operations: WARNING: CPU: 0 PID: 28; at iouring, iouring.c:734; function iocqringeventoverflow+0x1c0/0x230; function iouring, iouring.c:734...

SUSE CVE-2026-46315

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: clear waitid info before copying it to userspace IORINGOPWAITID stores its result fields in struct iowaitid::info and later copies them to userspace siginfo. The prep path initializes the request arguments, but it...

EUVD-2026-35870

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

CVE-2026-46315

A flaw was found in the Linux kernel's iouring subsystem, specifically within the IORINGOPWAITID operation. This vulnerability occurs because the waitid information structure is not properly initialized before being copied to userspace. A local user could exploit this to expose stale data from...

CVE-2026-46315

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: clear waitid info before copying it to userspace IORINGOPWAITID stores its result fields in struct iowaitid::info and later copies them to userspace siginfo. The prep path initializes the request arguments, but it...

UBUNTU-CVE-2026-46315

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: clear waitid info before copying it to userspace IORINGOPWAITID stores its result fields in struct iowaitid::info and later copies them to userspace siginfo. The prep path initializes the request arguments, but it...

EUVD-2026-35373

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: clear waitid info before copying it to userspace IORINGOPWAITID stores its result fields in struct iowaitid::info and later copies them to userspace siginfo. The prep path initializes the request arguments, but it...

CVE-2026-46315 io_uring/waitid: clear waitid info before copying it to userspace

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: clear waitid info before copying it to userspace IORINGOPWAITID stores its result fields in struct iowaitid::info and later copies them to userspace siginfo. The prep path initializes the request arguments, but it...

CVE-2026-46315

The CVE affects the Linux kernel io_uring waitid path. In IORING_OP_WAITID, result fields are stored in io_waitid::info and later copied to userspace siginfo. During prep, info wasn’t initialized; if the wait completes without a child event, the common wait code may skip writing wo_info, yet io_w...

CVE-2026-46315

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: clear waitid info before copying it to userspace IORINGOPWAITID stores its result fields in struct iowaitid::info and later copies them to userspace siginfo. The prep path initializes the request arguments, but it...

Linux Distros Unpatched Vulnerability : CVE-2026-46315

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring/waitid: clear waitid info before copying it to userspace IORINGOPWAITID stores its result fields in struct iowaitid::info and later copies them to...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iouring/waitid operation not clearing the waitid information before copying it to the user...

PT-2026-47719

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An information disclosure issue exists in the io uring subsystem during the IORING OP WAITID operation. The io waitid finish function copies the info field from struct io waitid to...

Linux Distros Unpatched Vulnerability : CVE-2026-45995

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring/zcrx: fix userstruct uaf iofreerbufring usees a struct userstruct, which iozcrxifqfree puts it down before destroying the ring. CVE-2026-45995 Note that...

SUSE CVE-2026-45995

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userstruct uaf iofreerbufring usees a struct userstruct, which iozcrxifqfree puts it down before destroying the ring...