Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - acpi: nfit: vmalloc-out-of-bounds read in acpinfitctl A issue detected by syzbot with KASAN has also been fixed: BUG: KASAN: vmalloc-out-of-bounds in cmdtofunc, drivers/acpi/nfit/core.c:416 inline BUG: KASAN:...

EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2026-2171)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: BPF: crypto: Use the correct destructor kfunc type With CONFIGCFI enabled, the kernel strictly ensures that indirect function calls use a function pointer type that matches the target function. I encountered the following type...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: The issue related to ref-counting on the PMU “vpapmu” has been fixed. Commit 176cda0619b6 “powerpc/perf: Add a perf interface to expose vpa counters” introduced “vpapmu” to expose the Book3s-HV nested APIv2. This...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: The issue of dereferencing a stale list iterator after the loop body has been executed has been fixed. The list iterator variable will become a bogus pointer if no break is executed. Dereferencing it in this case, cur-page...

CVE-2026-31766 drm/amdgpu: validate doorbell_offset in user queue creation

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...

CVE-2026-31469

The CVE-2026-31469 issue affects the Linux kernel virtio_net driver, where a Use-After-Free can occur when IFF_XMIT_DST_RELEASE is cleared and napi_tx is disabled, if the network namespace is destroyed while pending skbs remain in the transmit path. The root cause is the dst_ops reference being f...

kernel: macvlan: fix possible UAF in macvlan_forward_source()

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlanforwardsource Add RCU protection on struct macvlansourceentry-vlan. Whenever macvlanhashdelsource is called, we must clear entry-vlan pointer before RCU grace period starts. This allows...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005755 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the struct aiokiocb conversion The first kiocbsetcancelfn argument...

CVE-2026-23064 net/sched: act_ife: avoid possible NULL deref

In the Linux kernel, the following vulnerability has been resolved: net/sched: actife: avoid possible NULL deref tcfifeencode must make sure ifeencode does not return NULL. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 SMP KASAN NOP...

OESA-2026-1276 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels Another syzbot report 1 with no reproducer hints at a bug in ip6gre tunnel dev:ip6gretap0 Since ipv6 mcast code makes sur...

CVE-2026-23011 ipv4: ip_gre: make ipgre_header() robust

In the Linux kernel, the following vulnerability has been resolved: ipv4: ipgre: make ipgreheader robust Analog to commit db5b4e39c4e6 "ip6gre: make ip6greheader robust" Over the years, syzbot found many ways to crash the kernel in ipgreheader 1. This involves team or bonding drivers ability to...

UBUNTU-CVE-2025-71128

In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize optionslen before referencing options. The struct iptunnelinfo has a flexible array member named options that is protected by a countedbyoptionslen attribute. The compiler will use this information to enforce...

CVE-2023-43515

Memory corruption in HLOS while running kernel address sanitizers syzkaller on tmecom with DEBUGFS enabled...

CVE-2023-53988 fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in hdrdeletede Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in hdrdeletede+0xe0/0x150 fs/ntfs3/index.c:806 Read of size 16842960 at addr ffff888079cc0600 by task...

CVE-2025-68725 bpf: Do not let BPF test infra emit invalid GSO types to stack

In the Linux kernel, the following vulnerability has been resolved: bpf: Do not let BPF test infra emit invalid GSO types to stack Yinhao et al. reported that their fuzzer tool was able to trigger a skbwarnbadoffload from netifskbfeatures - gsofeaturescheck. When a BPF program - triggered via BPF...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989647 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on totaldatablocks As Yanming reported in bugzilla:...

SUSE CVE-2025-40073

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Do not validate SSPP when it is not ready Current code will validate current plane and previous plane to confirm they can share a SSPP with multi-rect mode. The SSPP is already allocated for previous plane, while current...

CVE-2023-53665 md: don't dereference mddev after export_rdev()

In the Linux kernel, the following vulnerability has been resolved: md: don't dereference mddev after exportrdev Except for initial reference, mddev-kobject is referenced by rdev-kobject, and if the last rdev is freed, there is no guarantee that mddev is still valid. Hence mddev should not be use...

EUVD-2025-26765

Malicious code in bioql PyPI...