34 matches found
CVE-2026-36175
An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments...
CVE-2026-46249 octeontx2-af: Fix PF driver crash with kexec kernel booting
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix PF driver crash with kexec kernel booting During a kexec reboot the hardware is not power-cycled, so AF state from the old kernel can persist into the new kernel. When AF and PF drivers are built as modules, the...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2 – Clearing the BM pool before initialization. The register values persist after booting the kernel using kexec, which results in a kernel panic. Therefore, it is necessary to clear the BM pool registers before...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: Drivers: vmbus: Check for channel allocation before looking up relids relid2channel assumes that the vmbus channel array is allocated when it is called. However, in situations like kdump/kexec, not all relids will be reset by...
Astra Linux - vulnerability in linux-5.15, linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Regulator: da9211 – Use the irq handler when ready. If the system does not start from a reset state such as when it is in kexec mode, the regulator might have an IRQ waiting for processing. If we enable the IRQ handler before its...
CVE-2023-54059
CVE-2023-54059 affects the Linux kernel in the Mediatek SVS subsystem (soc: mediatek: mtk-svs). The issue arises when the system does not come from a reset (e.g., boot via kexec): the peripheral may trigger an IRQ before data structures are initialised, potentially leading to a NULL pointer deref...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: riscv: cpu_ops_sbi: Use static array for boot_data Since commit 6b9f29b81b15 "riscv: Enable pcpu page first chunk allocator", if NUMA is enabled, the page percpu allocator may be used on very sparse configurations, or when requested...
CVE-2025-39844
CVE-2025-39844 relates to a Linux kernel memory-management bug where page-table synchronization was not consistently performed when vmemmap spans multiple PGD entries. The issue caused intermittent boot failures and a kernel panic (notably on 4-level paging with large persistent memory) due to a ...
CVE-2023-53273 Drivers: vmbus: Check for channel allocation before looking up relids
In the Linux kernel, the following vulnerability has been resolved: Drivers: vmbus: Check for channel allocation before looking up relids relid2channel assumes vmbus channel array to be allocated when called. However, in cases such as kdump/kexec, not all relids will be reset by the host. When th...
CVE-2023-53273
In the Linux kernel vulnerability CVE-2023-53273, the issue lies in the vmbus driver’s channel handling. The function relid2channel() assumes the vmbus channel array is allocated, but in multi-kernel scenarios (e.g., kdump/kexec), not all relids are reset by the host. If a guest receives a vmbus ...
CVE-2025-38345 ACPICA: fix acpi operand cache leak in dswstate.c
In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. When early termination occurs due to maliciou...
CVE-2024-56671 gpio: graniterapids: Fix vGPIO driver crash
In the Linux kernel, the following vulnerability has been resolved: gpio: graniterapids: Fix vGPIO driver crash Move setting irqchip.name from probe function to the initialization of "irqchip" struct in order to fix vGPIO driver crash during bootup. Crash was caused by unauthorized modification o...
SUSE CVE-2024-53127
In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" increased the max_req_size, even for 4K pages, causing various issues: - Panic...
PT-2024-33930
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a deadlock that occurs when rebooting the system at the beginning of booting. This happens because the audio driver is waiting on blk_mq_submit_bio while holdin...
CVE-2024-35800 efi: fix panic in kdump kernel
In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if get_next_variable is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic during the kexec-ed kernel boot. Tested with QEMU and OVMF firmware...
CVE-2024-26761
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address HPA the HDM decoder registers are programmed wi...
kernel: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction
In the Linux kernel, the following vulnerability has been resolved: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Mounting NFS rootfs was timing out when deferred_probe_timeout was non-zero 1. This was because ip_auto_config initcall times out waiting for the network interfac...
Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit
Exploit Title: Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit Author: nu11secur1ty CVE ID: CVE-2023-1998 Description Summary The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as...
SUSE CVE-2021-3418
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction...
kernel security, bug fix, and enhancement update
3.10.0-1160.62.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x64 = 15-2.0.9 - Update oraclekernel-sig-key...