CVE-2026-45252

CVE-2026-45252 : In fusefs, when extended attributes are queried via FUSE_LISTXATTR, the kernel may call strlen() on a daemon-provided buffer without ensuring the list is fully NUL-terminated. If the list is not NUL-terminated, the fusefs kernel module may read past the end of a heap buffer and p...

CVE-2026-45252 Heap overflow in FUSE_LISTXATTR

When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...

CVE-2026-45252 Heap overflow in FUSE_LISTXATTR

When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...

FreeBSD : FreeBSD -- Heap overflow in FUSE_LISTXATTR (3cc34467-54b6-11f1-8d7a-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3cc34467-54b6-11f1-8d7a-bc241121aa0a advisory. When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message t...

Astra Linux - уязвимость в linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: x86/mm/identmap: Use GB pages only when the entire GB page should be mapped. When identpudinit uses only GB pages to create identity maps, large ranges of addresses that are not actually requested can be included in the resulting...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: brcmfmac: pcie: Firmware is released in the brmfipciesetup error path. This prevents memory leaks if the brmfichipgetraminfo function fails. Note that the CLM blob is released in the device removal path...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: r6040: Fixed the kmemleak in the probe function and removed it. There is a memory leak reported by kmemleak: - Unreferenced object 0xffff888116111000 size 2048: comm “modprobe”, pid 817, jiffies 4294759745 age 76.502s Hex dump...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mshv: Fixed the check for overlap in memory regions. The current check is incorrect; it only checks whether the beginning or end of a region is within an existing region. This does not take into account cases where userspace...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb – revert the use of devmkzalloc in btusb This change reverts to the behavior described in commit 98921dbd00c4e “Bluetooth: Use devmkzalloc in btusb.c file”. In btusbprobe, we use devmkzalloc to allocate the btusb...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86: Added SRCU protection for reading PDPTRs in getsregs2. Added SRCU read-side protection when reading PDPTR registers in getsregs2. Reading PDPTRs may trigger access to guest memory: kvmpdptrread - svmcachereg -...

Astra Linux - уязвимость в linux

A issue was discovered in the Linux kernel through version 5.11.x. The kernel/bpf/verifier.c file contains unwanted out-of-bounds speculation during pointer arithmetic operations, which allows for side-channel attacks that circumvent Spectre mitigations and extract sensitive information from kern...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel up to version 6.3.1, a use-after-free issue in Netfilter’s nftables module arises when processing batch requests. This allows unprivileged local users to obtain root privileges. The issue occurs due to improper handling of anonymous sets...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007loadencoder In go7007loadencoder, the variable bounce i.e., go-bootfw is allocated without subsequent deallocation. After the following call chain: saa7134go7007init | | - go7007bootencoder |...

Astra Linux - уязвимость в linux, linux-5.10

A vulnerability was discovered in the drivers/usb/gadget/function/rndis.c file within the Linux kernel before version 5.16.10. The RNDIS USB gadget does not include validation for the size of the RNDISMSGSET command. Attackers can obtain sensitive information from the kernel memory...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: hfsplus: fixed the KMSAN uninit-value issue in hfsplusextcacheextent The syzbot reported an issue in hfsplusextcacheextent: 70.194323 T9350 BUG: KMSAN: uninit-value in hfsplusextcacheextent+0x7d0/0x990 70.195022 T9350...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: scmi: Fixed the issue where genpd leaks occur during provider registration failures. If the ofgenpdaddprovideronecell function fails during the probe phase, the previously created generic power domains are not...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: nfs: Fixed the KMSAN warning in decodegetfattr attrs. Fixed the following KMSAN warnings: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: B=BADPAGE Hardware name: QEMU Standard PC Q35 + ICH9, 2009...

Astra Linux - уязвимость в linux, linux-5.10

A guest can force the Linux netback driver to consume a large amount of kernel memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Incoming data packets for a guest in the Linux kernel’s netback driver are buffere...

Astra Linux - уязвимость в linux, linux-5.10

A guest can force the Linux netback driver to consume a large amount of kernel memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Incoming data packets for a guest in the Linux kernel’s netback driver are buffere...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: tipc: Changed the nlapolicy for bearer-related names to NLANULSTRING. The syzbot reported the following uninit-value access issues 1: ===================================================== BUG: KMSAN: uninit-value in strlen in...