177 matches found
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: espintcp: fixed skb leaks. Several error paths now include a kfreeskb...
Important: kernel6.18
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attrsetsize errors when truncating files CVE-2025-71289 In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1863)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1863 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 In the Linux kernel, the following vulnerability has...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: idpf: fixed checksums set in idpfrxrsc idpfrxrsc uses skbtransportoffsetskb when the transport header is not yet set. This triggers the following warning in builds with CONFIGDEBUGNET=y:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix disconnect vs accept race Despite the commit 0ad529d9fd2b “mptcp: fix possible divide by zero in recvmsg”, the mptcp protocol is still prone to a race between disconnect or shutdown and accept. The root cause is that t...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: “Bonding”: fixed the null pointer dereference in “bondipsecoffloadok”. We must check whether there is an active slave before dereferencing the pointer...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Networks: Bridge: MST: Fixed suspicious RCU usage in brmstsetstate. I converted brmstsetstate to RCU to avoid a vlan use-after-free, but I forgot to change the vlangroupdereferencehelper. I switched to using the...
Astra Linux – Vulnerability in Linux 5.10
Improper restriction of operations within the bounds of a memory buffer in some IntelR i915 Graphics drivers for Linux before the kernel version 6.2.10 may allow an authenticated user to potentially enable privilege escalation via local access...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Flush the inode if the atomic file is aborted. We need to flush the inode that was aborted during the atomic operation, to avoid stale dirty inodes during eviction in this call stack: f2fsmarkinodedirtysync+0x22/0x40 f2f...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: afunix: Fixed data races related to user-unixinflight. user-unixinflight is updated under spinlockunixgclock, but toomanyunixfds reads it without locking. Let’s annotate the write/read accesses to user-unixinflight. BUG: KCSAN...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bcache: Reverting the change that replaced ISERRORNULL with ISERR. The commit 028ddcac477b “bcache: Removing unnecessary NULL-point checks in node allocations” causes a NULL pointer dereferencing in the cachesetFlush function...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: Prevent NULL dereference in ip6output According to syzbot, there is a possibility that ip6dstidev may return NULL in ip6output. Most parts of the IPv6 stack handle a NULL idev without issues, but this case is an exception...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: NFS: Fixed potential data corruption issues. We must ensure that the subrequests are reattached to the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it synchronously...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: memcgwriteeventcontrol: fixed a user-triggered oops. We do not guarantee that anything beyond the terminating NUL is mapped let alone initialized with anything sensible...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: do not free the NULL coalescing rule. If parsing fails, we can dereference a NULL pointer here...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: nvme-core: fixed the devpmqos memory leak Called devpmqoshidelatencytolerance in the error unwinding patch to avoid the kmemleak issue: blktests master kmemleak-clear; ./check nvme/044; blktests master kmemleak-scan ;...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fixed a possible nullptrderef issue in cpufreqcpugetraw. cpufreqcpugetraw may return NULL if the CPU is not included in policy-cpus cpu mask, which could lead to a null pointer dereference...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access between the reset thread and the TM thread for reply queues. When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an inval...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed a potential Use-after-Allocation error in cifssignalcifsdforreconnect. Skipped sessions that are being terminated status == SESEXITING to avoid UAF errors...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Added “cancelworksync” before the module removal operation. When we remove the module that calls mpc52xxspiremove, it will free the “ms” object through spiunregistercontroller. However, the “work” stored in ms-work...