Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kern...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: ofnuma: Fixed uninitialized memory nodes that caused kernel panic. When there are memory-only nodes nodes without CPUs, these nodes are not properly initialized, causing kernel panic during boot. ofnumainit ofnumaParseCPUNodes...

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Fixed NULL pointer dereferencing when nosmp is used When nosmp is used in the command line, other CPUs are not brought up, leaving their cpcdescptr NULL. CPU0’s iteration via foreachpossiblecpu dereferences these NULL...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: In the tty module, for the serial subsystem, there is a issue where the uartlite driver is registered within the init function. When two instances of the uart device are being probed, a concurrency race may occur. If one thread...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: added a sanity check on sitbitmapsize. With the above testcase, resizing will generate a corrupted image that contains inconsistent metadata. As a result, when mounting such an image, the kernel will trigger a panic. Steps ...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: LoongArch: Fixed a panic that occurred due to NULL-PMD in hugepteoffset ERROR INFO: CPU 25 Unable to handle kernel paging request at virtual address 0x0 ... Call Trace: hugepteoffset+0x3c/0x58 hugetlbfollowpagemask+0x74/0x438...

SUSE CVE-2025-40106

In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedibufmunge The comedibufmunge function performs a modulo operation async-mungechan %= async-cmd.chanlistlen without first checking if chanlistlen is zero. If a user program submits a command with...

EUVD-2025-37321

In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedibufmunge The comedibufmunge function performs a modulo operation async-mungechan %= async-cmd.chanlistlen without first checking if chanlistlen is zero. If a user program submits a command with...

CVE-2025-40106

In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedibufmunge The comedibufmunge function performs a modulo operation async-mungechan %= async-cmd.chanlistlen without first checking if chanlistlen is zero. If a user program submits a command with...

CVE-2025-40106

In CVE-2025-40106, the Linux kernel’s comedi_buf_munge() could divide by zero when chanlist_len is zero, since it performed async->munge_chan %= async->cmd.chanlist_len without a prior check. The fix adds an explicit zero-check at the start of comedi_buf_munge(), mirrors existing checks for...

CVE-2025-40106 comedi: fix divide-by-zero in comedi_buf_munge()

In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedibufmunge The comedibufmunge function performs a modulo operation async-mungechan %= async-cmd.chanlistlen without first checking if chanlistlen is zero. If a user program submits a command with...

EUVD-2023-60045

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting XSS and cross-site request forgery CSRF via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context ...

Linux Distros Unpatched Vulnerability : CVE-2025-40106

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: fix divide-by-zero in comedibufmunge The comedibufmunge function performs a modulo operation async-mungechan %= async-cmd.chanlistlen without first...

SUSE CVE-2025-40041

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign-extend struct ops return values properly The nsbpfqdisc selftest triggers a kernel panic: Oops1: CPU 0 Unable to handle kernel paging request at virtual address 0000000000741d58, era == 90000000851b5ac0, ra =...

Linux Distros Unpatched Vulnerability : CVE-2025-40041

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign-extend struct ops return values properly The nsbpfqdisc selftest trigge...

SUSE CVE-2025-40032

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release The fields dmachantx and dmachanrx of the struct pciepftest can be NULL even after EPF initialization. Then it is prudent to check that they have non-NUL...

SUSE CVE-2025-40060

In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Return NULL pointer for allocation failures When the TRBE driver fails to allocate a buffer, it currently returns the error code "-ENOMEM". However, the caller etmsetupaux only checks for a NULL pointer, so it...

SUSE CVE-2025-40079

In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Sign extend struct ops return values properly The nsbpfqdisc selftest triggers a kernel panic: Unable to handle kernel paging request at virtual address ffffffffa38dbf58 Current testprogs pgtable: 4K pagesize, 57-bit...

CVE-2025-40060

In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Return NULL pointer for allocation failures When the TRBE driver fails to allocate a buffer, it currently returns the error code "-ENOMEM". However, the caller etmsetupaux only checks for a NULL pointer, so it...

CVE-2025-40060

In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Return NULL pointer for allocation failures When the TRBE driver fails to allocate a buffer, it currently returns the error code "-ENOMEM". However, the caller etmsetupaux only checks for a NULL pointer, so it...