CVE-2026-53295

CVE-2026-53295 (Linux kernel) : The mailbox subsystem contains a missing sanity check for the channel array on a mailbox controller. If no channel array is attached, subsequent dereferencing can trigger an OOPS, potentially not visible because mailbox controllers may initialize very early. The fi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limits the number of signal/freq counts in summary output functions. The debugfs summary output could access uninitialized elements in the freqin and signalout arrays, leading to NULL pointer dereferences and triggering...

Astra Linux – Vulnerability in Linux 5.15

A issue was discovered in ksmbd within the Linux kernel versions 5.15 through 5.19, prior to 5.19.2. There is an out-of-bounds read and an OOPS error for SMB2write, when a large length is present in the zero DataOffset case. source-iocs-preserved const=SMB2WRITE...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fixed the issue with mlx5ibgethwstats when used for devices. Currently, when mlx5ibgethwstats is used for a device where portnum = 0, there is a special handling to ensure that the correct counters are used. However,...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: ignore interrupt if no descriptor If the channel has no descriptor and the interrupt is raised, then the kernel will make a mistake. Check the result of vchannextdesc in the handler axichanblockxfercomplet...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: Fixed an oops error when removing custom query handlers. When removing custom query handlers, the handler may still be used within the EC query workqueue. This could lead to a kernel oops if the module that holds the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Fix for filter limit check In watchqueuesetfilter, there are several places where we check that the filter type value does not exceed what the typefilter bitmap can hold. One place calculates the number of bits using...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: UBLK: Failure to start a device if queue setup is interrupted In ublkctrlstartdev, if waitforcompletioninterruptible is interrupted by a signal, the queues are not set up successfully. As a result, we must fail the UBLKCMDSTARTDE...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: adv7511: Unregistering the i2c device after unregistering the CEC adapter. The cecunregisteradapter function assumes that the underlying CEC adapter is callable. For example, if the CEC adapter currently has a valid...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: Do not print NULL LLI during an error. During debugging, we encountered an issue where the axichandumplli function was passed a NULL LLI pointer, which resulted in an OOPS error due to attempts to access...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: hwmon: gpiofan Fix for out-of-bounds access to arrays The driver does not check whether the cooling state passed to gpiofansetcurstate exceeds the maximum cooling state stored in fandata-numspeeds. Since the cooling state is late...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dmaengine: hisilicon: Added multi-thread support for DMA channels. When a DMA channel is obtained and tried to be used across multiple threads, it can lead to errors and cause the system to hang. bash % echo 100...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rvcv: fixed an oops caused by the irqsoff latency tracer. The tracehardirqson,off functions require the caller to properly set up the frame pointer. This is because these two functions use the macro CALLERADDR1 also known as...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a bug in ext4escacheextent when ext4splitextentat failed. We encountered the issue when running fsstress with an IO fault: 130747.323114 Kernel BUG at fs/ext4/extentsstatus.c:762! 130747.323117 Internal error: Oops...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Added freetransport operations in ksmbd connections. The freetransport function for TCP connections can be called from smdbdirect. This could lead to a kernel error. This patch adds freetransport operations in ksmbd...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/gvt: fixed the issue where vGPU debugfs was cleaned up during the remove operation. Check carefully whether the root debugfs is available when destroying the vGPU. For example, in the remove operation, the DRM minor’s...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: The issue was fixed in the concurrently setting of insnemulation sysctls. The emulationprochandler function changes table-data for procdointvecminmax. However, it may cause an OOPs error if called concurrently with itself:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: UBLK: Failure to recover a device if queue setup is interrupted In ublkctrlendrecovery, if waitforcompletioninterruptible is interrupted by a signal, the queues are not set up successfully. As a result, we must fail the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevents renaming with an empty string. A client can send an empty newname string to the ksmbd server. This will cause a kernel error due to dalloc. This patch prevents the error from occurring when attempting to rename a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Do not store mlx5epriv in mlx5edev devlink priv mlx5epriv is an unstable structure that can be memset0 if profile attachment fails. mlx5epriv in mlx5edev devlink private is used to reference the netdev and mdev...