5936 matches found
EUVD-2026-39855
In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bdoblocknr in nilfsioctlmarkblocksdirty nilfsioctlmarkblocksdirty uses bdoblocknr to detect dead blocks by comparing it with the current block number bdblocknr. If they differ, the block is considered dead and...
CVE-2026-0828
Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes...
CVE-2026-53145
A flaw was found in the Linux kernel's Direct Rendering Manager DRM Graphics Execution Manager GEM subsystem. A race condition exists within the changehandle ioctl between gemclose and gemchangehandle operations. This could lead to incorrect handling of graphics memory, potentially resulting in...
EUVD-2026-39213
In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tpioctl pppol2tpioctl read sock-sk-skuserdata directly without any locks or reference counting. If a controllable sleep was induced during copyfromuser e.g. via a userfaultfd pag...
CVE-2026-53262
In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tpioctl pppol2tpioctl read sock-sk-skuserdata directly without any locks or reference counting. If a controllable sleep was induced during copyfromuser e.g. via a userfaultfd pag...
EUVD-2026-39283
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at sndtimeruserparams At releasing a timer object, e.g. when a userspace timer CONFIGSNDUTIMER gets closed and sndtimerfree is called, it tries to detach the timer instances and release the resources. However...
CVE-2026-53173
CVE-2026-53173 describes a Linux kernel vulnerability in accel/ethosu where an OOB write can occur in ethosu_gem_cmdstream_copy_and_validate(). The root cause is a loop that increments the index a second time when a 64-bit command word is encountered (bit 14 set) but does not re-check the bound b...
CVE-2026-53145
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...
EUVD-2026-38908
In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate bgbits during freefrag scan BUG A crafted filesystem can trigger an out-of-bounds bitmap walk when OCFS2IOCINFO is issued with OCFS2INFOFLNONCOHERENT. BUG: KASAN: use-after-free in instrumentatomicread...
EUVD-2026-38707
In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tapioctl SIOCGIFHWADDR In the SIOCGIFHWADDR path, tapioctl copies 16 bytes of an uninitialised on-stack struct sockaddrstorage to userspace via ifrhwaddr, but netifgetmacaddress only writes safamily an...
CVE-2026-52937
CVE-2026-52937 details a stack information leak in the Linux kernel related to the macvtap mac address path. In tap_ioctl() for SIOCGIFHWADDR, the code copies 16 bytes from an uninitialized on-stack sockaddr_storage to userspace via ifr_hwaddr. The implementation only writes sa_family and dev->...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: loop: Overflow check during loop configuration The user space can configure a loop using an ioctl call. In this process, a configuration of type loopconfig is passed see the loioctl case on line 1550 of drivers/block/loop.c. This...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure that info-enable callback is always set. The ioctl and sysfs handlers call the -enable callback unconditionally. Not all drivers implement this callback, resulting in NULL dereferencing. Examples of affected drivers:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Prevent potential UAF Use After Free issues during group creation. This commit addresses the issue where a malicious user space could potentially alter the handle of a group and attempt to call the GROUPDESTROY ioctl...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevents potential Spectre v1 exploits. It seems that cmd could be a Spectre v1 exploit, as it is provided by a user and used as an array index. This vulnerability prevents the contents of kernel memory from being leake...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: A overflow issue was identified in IOMMUTESTOPADDRESERVED. syzkaller discovered that this could lead to an overflow in the test infrastructure and cause a WARN message by corrupting the reserved interval tree...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe: The numsyncs parameter has been limited to prevent excessively large allocations. The exec and vmBind ioctls allow userspace to specify an arbitrary numsyncs value. Without proper bounds checking, a very large numsyncs...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Fixed a divide-by-zero bug in arksetpixclock Since the user can control the arguments of the ioctl function from the user space, there are special cases where a divide-by-zero bug may occur. For example, in:...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nbd: Fixed incomplete validation of ioctl arguments. We identified an alarm caused by incomplete validation of ioctl arguments without proper verification. The UBSAN warning appears as follows: UBSAN: Undefined behavior in...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a use-after-free after failing to create a snapshot. In ioctl.c’s createsnapshot function, we allocate a pending snapshot structure and then attach it to the transaction’s list of pending snapshots. After that, we ca...