UBUNTU-CVE-2026-46106

In the Linux kernel, the following vulnerability has been resolved: eventfs: Hold eventfsmutex and SRCU when remount walks events Commit 340f0c7067a9 "eventfs: Update all the eventfsinodes from the events descriptor" had eventfssetattrs recurse through ei-children on remount. The walk only holds...

Malicious code in wdb-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ddd306d024c4dd394d19c1adb610389f239fa619d25fff4f75b857a678da0ee package.json declares "preinstall": "./vendor/setup", which on every npm install invokes a 976568-byte Linux x86 ELF binary shipped inside the packag...

MAL-2026-4713 Malicious code in wdb-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ddd306d024c4dd394d19c1adb610389f239fa619d25fff4f75b857a678da0ee package.json declares "preinstall": "./vendor/setup", which on every npm install invokes a 976568-byte Linux x86 ELF binary shipped inside the packag...

MAL-2026-4715 Malicious code in weavedb-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886f22636b5e4726978e23b10a4311fb7e65c2b10003da72429348fa617884d1 package.json declares "preinstall": "./vendor/setup", which runs a 976KB packed Linux x86 ELF binary sha256...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Tracing: The length check that causes memory corruption was corrected. We have experienced severe kernel crashes due to memory corruption in our production environment. For example: Call Trace: 1640542.554277 General protectio...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Fixed a race condition in kprobe initialization that could lead to NULL pointer dereferencing. There is a critical race condition in kprobe initialization that can cause NULL pointer dereferencing and result in a kern...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: Limit access to parser-buffer when tracegetuser fails. When the length of the string written to setftracefilter exceeds FTRACEBUFFMAX, the following KASAN alarm will be triggered: BUG: KASAN: Slab-out-of-bounds in...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Fixed a use-after-free in printgraphfunctionflags during tracer switching. Kairui reported a UAF issue in printgraphfunctionflags during ftrace stress testing 1. This issue can be reproduced by putting a “mdelay10”...

SUSE CVE-2022-49006

In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed After 65536 dynamic events have been added and removed, the "type" field of the event then uses the first type number that is available not currently used by other events...

CVE-2026-43210

The CVE-2026-43210 entry concerns the Linux kernel tracing ring-buffer subsystem. The root cause is inadequate validation of event length in rb_read_data_buffer(), which can cause an invalid memory access if an event’s length is corrupted, potentially at boot time. The published fix is to check t...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix potential null-ptr-deref on tracearray in kprobeeventgentestexit When testgenkprobecmd failed after kprobeeventgencmdend, it will goto delete, which will call kprobeeventdelete and release the corresponding...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not swap cpubuffer during resize process When ringbufferswapcpu was called during resize process, the cpu buffer was swapped in the middle, resulting in incorrect state. Continuing to run in the wrong state will...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problem...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: The warning in tracebufferedeventdisable has been fixed. The warning occurred in tracebufferedeventdisable at WARNONONCE!tracebufferedeventref. Call Trace: - warn+0xa5/0x1b0 - tracebufferedeventdisable+0x189/0x1b0 -...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/dma: CapDMAmapsg tracepoint arrays to prevent buffer overflows. The dmamapsg tracepoint can cause a PERF buffer overflow when tracing large scatter-gather lists. With devices like virtio-gpu that create large DRM buffers,...

Astra Linux - уязвимость в linux, linux-5.10

It was discovered that there was a lack of CPU resources in the Linux kernel tracing module functionality in versions prior to 5.14-rc3. This issue occurred due to the way users utilize the trace ring buffer. Only privileged local users with the CAPSYSADMIN capability could exploit this flaw to...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Tracing/histograms: Add histograms to histvars if they reference variables. Triggers may have referenced variables without having direct variable fields. This can occur if referenced variables are added for trigger actions. In...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Fixed an issue where corrupted data in the “hist” field could corrupt the “namedTriggers” list. The following commands cause a crash: cd /sys/kernel/tracing/events/rcu/rcucallback echo...

WOOTdroid: Whole-System Online On-Device Tracing for Android

System auditing on Android faces two problems. First, existing syscall tracers lose events under load, silently overwriting entries faster than a user space reader can drain them. Second, security-relevant application behavior is mediated through Binder, Android's kernel IPC mechanism, and is...

CVE-2026-31541

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix tracemarker copy link list updates When the "copytracemarker" option is enabled for an instance, anything written into /sys/kernel/tracing/tracemarker is also copied into that instances buffer. When the option is set...