6605 matches found
EUVD-2026-39206
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate advertising TLV before type checks tlvdataisvalid reads each advertising data field length from datai, then inspects datai + 1 for managed EIR types before checking that the current field still fits insi...
CVE-2026-53247
CVE-2026-53247 affects the Linux kernel’s MTK Ethernet subsystem (net: ethernet: mtk_eth_soc). The vulnerability arises in the RX path when using non-refcounted pointers to a metadata_dst; mtk_free_dev() frees the metadata_dst with kfree(), bypassing the RCU grace period, creating a potential use...
CVE-2026-53157
Summary of CVE-2026-53157 (Linux kernel, phonet): The vulnerability occurs in the phonet device teardown where phonet_device_destroy() removes the device from the per-net list with list_del_rcu(), but frees it immediately instead of after the RCU grace period. This allows RCU readers traversing t...
EUVD-2026-38927
In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to regioncount overflow The local variable regioncount in createlogcontext is declared as unsigned int 32-bit, but dmsectordivup returns sectort 64-bit. When a device-mapper target has a...
Linux Distros Unpatched Vulnerability : CVE-2026-52910
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. 0 The repro sets up a UDP reuseport group with a cBPF pr...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86: Added SRCU protection for reading PDPTRs in getsregs2. Added read-side protection when reading PDPTR registers in getsregs2. Reading PDPTRs may trigger access to guest memory: kvmpdptrread - svmcachereg - loadpdptrs ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mshv: Fixed the check for overlap in memory regions. The current check was incorrect; it only checks whether the beginning or end of a region is within an existing region. This does not take into account cases where the user spac...
Astra Linux – Vulnerability in Linux, Linux 5.10
A guest can force the Linux netback driver to consume a large amount of kernel memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Incoming data packets for a guest in the Linux kernel’s netback driver are buffere...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: - In pptp: ensure that the minimum skb length is properly set in pptpxmit. - Commit aabc6596ffb3 “net: ppp: Add bound checking for skb data in pppsynctxmung” fixed pppsynctxmunge. We need a similar fix in pptpxmit; otherwise, ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007loadencoder In go7007loadencoder, the variable bounce i.e., go-bootfw is allocated without subsequent deallocation. After the following call chain: saa7134go7007init | | - go7007bootencoder |...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer. Since the report buffer is used by various drivers in various ways, let’s initialize it to zero during allocation, so that it cannot ever be used to leak kernel memory through special...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb – revert the use of devmkzalloc in btusb This change reverts to the behavior described in commit 98921dbd00c4e “Bluetooth: Use devmkzalloc in btusb.c file”. In btusbprobe, we use devmkzalloc to allocate the btusb...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: brcmfmac: pcie: Firmware is released in the brmflpciesetup error path. This prevents memory leaks if the brmflchipgetraminfo function fails. Note that the CLM blob is released in the device removal path...
Astra Linux – Vulnerability in Linux, Linux 5.10
A guest can force the Linux netback driver to consume a large amount of kernel memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Incoming data packets for a guest in the Linux kernel’s netback driver are buffere...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel up to version 6.3.1, a use-after-free issue in Netfilter’s nftables module arises when processing batch requests. This allows unprivileged local users to obtain root privileges. The issue occurs due to improper handling of anonymous sets...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RISCV: Misaligned – Restricts user access to kernel memory. The rawcopyto,fromuser function does not call accessok, allowing userspace to access any virtual memory address...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fixed the PTE update for kernel memory on radix. When adding a PTE, a ptesync is required to ensure that the PTE update is performed correctly. Otherwise, a spurious fault may occur. radixsetpteat does not perform th...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: hfsplus: fixed the KMSAN uninit-value issue in hfsplusextcacheextent The syzbot reported an issue in hfsplusextcacheextent: 70.194323 T9350 BUG: KMSAN: uninit-value in hfsplusextcacheextent+0x7d0/0x990 70.195022 T9350...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: mm/vmalloc: fixed vmalloc, which may return null if called with GFPNOFAIL. The commit a421ef303008 "mm: allow !GFPKERNEL allocations for kvmalloc" includes support for GFPNOFAIL, but it creates a conflict with the commit...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: scmi: Fixed the issue of a memory leak caused by the failure to remove generic power domains when the ofgenpdaddprovideronecell function fails during probing. If the ofgenpdaddprovideronecell function fails during...