Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Prevents potential UAF Use After Free issues during group creation. This commit addresses the issue where a malicious user space could potentially alter the handle of a group and attempt to call the GROUPDESTROY ioct...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fpga: Integer overflow has been prevented in dflfeatureioctlsetirq. The multiplication hdr.count sizeofs32 can cause integer overflow on 32-bit systems, leading to memory corruption. Use arraysize to fix this issue...

GHSA-FJQ3-FFVR-VM46 OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure

Summary The Java TLS ioctl probe reads user-controlled ioctl pointers with bpfproberead instead of bpfprobereaduser. An instrumented local process can therefore point OBI at kernel memory and cause that memory to be copied into telemetry. Details The vulnerable path is in...

OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure

Summary The Java TLS ioctl probe reads user-controlled ioctl pointers with bpfproberead instead of bpfprobereaduser. An instrumented local process can therefore point OBI at kernel memory and cause that memory to be copied into telemetry. Details The vulnerable path is in...

PT-2026-41788

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description The Java TLS ioctl probe incorrectly uses the bpf probe read function instead of bpf probe read user when reading user-controlled ioctl pointers. This occurs within the do...

CVE-2025-52532

A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgvcmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the...

CVE-2025-54517

Out of bounds write in AMD AMDGVCMDGETDIAGDATA ioctl handler could allow a local user to escalate privileges via remote code execution...

CVE-2025-52532

A race condition in the MxGPU-Virtualization driver’s ioctl path is caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler. This can be exploited locally to trigger a heap-based buffer overflow, potentially causing denial-of-service within the vul...

CVE-2025-52532

A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgvcmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the...

CVE-2025-52532

A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgvcmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the...

CVE-2025-54517

CVE-2025-54517: Out of bounds write in the AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution. Affected component: AMD graphics driver/kernel ioctl path (AMDGV_CMD_GET_DIAG_DATA). Root cause: out-of-bounds write in the ioctl handler...

CVE-2025-54517

Out of bounds write in AMD AMDGVCMDGETDIAGDATA ioctl handler could allow a local user to escalate privileges via remote code execution...

PT-2026-41264

A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within th...

SUSE CVE-2026-43399

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpuuserqwaitioctl Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. cherry picked from commit 68951e9c3e6bb22396bc42ef2359751c8315dd2...

SUSE CVE-2026-43359

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on set received ioctl due to item overflow If the set received ioctl fails due to an item overflow when attempting to add the BTRFSUUIDKEYRECEIVEDSUBVOL we have to abort the transaction since we did...

SUSE CVE-2026-43400

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpuuserqsignalioctl can lead to a OOM and could be exploited. So check these input value against AMDGPUUSERQMAXHANDLES which is big enough...

SUSE CVE-2026-43280

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add bounds check on patindex to prevent OOB kernel read in madvise When user provides a bogus patindex value through the madvise IOCTL, the xepatindexgetcohmode function performs an array access without validating bounds...

CVE-2026-43398

A flaw was found in the Linux kernel's amdgpu graphics driver. A local user could exploit this vulnerability by providing excessively large input values to the amdgpuuserqwaitioctl function. This improper input validation can lead to an Out-Of-Memory OOM condition, resulting in a Denial of Servic...

CVE-2026-43399

A flaw was found in the Linux kernel's AMD GPU amdgpu driver. Specifically, a reference leak occurs in the amdgpuuserqwaitioctl function. This issue arises when an I/O control ioctl operation is aborted because the output array provided is insufficient. A local attacker could exploit this to caus...

CVE-2026-43359

A flaw was found in the Linux kernel's Btrfs file system. A local malicious user, who owns a subvolume, can exploit an item overflow vulnerability when repeatedly calling the set received ioctl with the same received UUID field for multiple subvolumes. This can trigger a transaction abort, leadin...