2138 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: iouring: Fixed the issue where multishot accept requests could lead to leaks. Setting REQFPOLLED does not guarantee that the request will be executed as a multishot from the polling path. Fortunately, if the code misidentifies...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: Fixed an issue where OOB reading occurred during the wrap check of SQEMIXED. The function iouringshowfdinfo iterates over pending SQEs. For 128-byte SQEs within an IORINGSETUPSQEMIXED ring, it needs to detect when...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: iouring/zcrx: fixed error handling after opening. Closing a queue does not guarantee that all associated page pools are terminated immediately. Let the refcounting process handle this task instead of releasing the zcrx ctx...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: iouring/zcrx: fixed the sgtable leak that occurs during mapping failures. In a rare case where iopopulateareadma fails—which can only occur on a PAGEPOOL32BITARCHWITH64BITDMA machine—iozcrxmaparea will have an initialized but...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iouring: Check whether we need to reschedule during overflow flushing. In terms of normal application usage, this list will always be empty. If an application does cause an overflow, it will have a few entries in this list...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring: Fixed the issue of releasing pinned pages when iouaddrmap fails. Looking at the error path of iouaddrmap, if we fail to pin the pages for any reason, ret will be set to -EINVAL, and the error handler will not properly...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring: A memory leak was fixed when removing provided buffers. When removing provided buffers, the iobuffer structures were not being disposed of properly, resulting in a memory leak. These structures cannot be freed...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iouring: check for non-NULL file pointer in iofilecanpoll In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, if no file had been assigned. The trace leading to that...
Astra Linux – Vulnerability in Linux 5.10
iouring uses workFlags to determine which identities need to be retrieved from the calling process, ensuring that they are consistent with the calling process when executing IORINGOP. Some operations lack certain types, which can lead to incorrect reference counts, potentially causing a...
Astra Linux – Vulnerability in Linux 5.10
There exists a use-after-free vulnerability in the Linux kernel through the iouring mechanism and the IORINGOPSPLICE operation. If the IORINGOPSPLICE operation lacks the IOWQWORKFILES flag, it indicates that the operation will not utilize current-nsproxy. As a result, its reference counter is not...
Astra Linux – Vulnerability in Linux 5.10
A use-after-free flaw was discovered in the Linux kernel’s iouring subsystem. This flaw occurs when a user sets up a ring using IORINGSETUPIOPOLL, with multiple tasks completing submissions within that ring. This flaw allows a local user to crash the system or escalate their privileges on the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring: Fixed a fget leak when the file system does not support nowait buffered reads. Heming reported a bug when using iouring for link-cp operations on ocfs2. 1 The following steps can reproduce this bug: mount -t ocfs2 /dev/v...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: iouring/zcrx: fixed the race condition between the scrub and refill paths involving userrefs The iozcrxputniovuref function uses a non-atomic check-then-decrement pattern atomicread followed by an atomicdec to manipulate...
USN-8279-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
Important: kernel6.18
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class CVE-2025-71239 In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata...
SUSE CVE-2026-43366
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: check if target buffer list is still legacy on recycle There's a gap between when the buffer was grabbed and when it potentially gets recycled, where if the list is empty, someone could've upgraded it to a ring...
SUSE CVE-2026-43442
In the Linux kernel, the following vulnerability has been resolved: iouring: fix physical SQE bounds check for SQEMIXED 128-byte ops When IORINGSETUPSQEMIXED is used without IORINGSETUPNOSQARRAY, the boundary check for 128-byte SQE operations in ioinitreq validated the logical SQ head position...
Exploit for Use After Free in Linux Linux_Kernel
CVE-2024-0582 An ex...
SUSE CVE-2026-43174
In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix post open error handling Closing a queue doesn't guarantee that all associated page pools are terminated right away, let the refcounting do the work instead of releasing the zcrx ctx directly...
CVE-2026-43442
A flaw was found in the Linux kernel's iouring subsystem. An incorrect bounds check for 128-byte Submission Queue Entry SQE operations, when IORINGSETUPSQEMIXED is used without IORINGSETUPNOSQARRAY, allows an unprivileged local user to remap logical SQE positions to arbitrary physical indices. Th...