17 matches found
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: ip6tunnel: Fixed the handling of NEXTHDRFRAGMENT in ip6tnlparsetlvenclim. syzbot pointed out that the handling of NEXTHDRFRAGMENT is incorrect. The “fragoff” operation can only be performed if enough bytes are extracted...
ROS-20260119-7322
A vulnerability in the nilfscleardirtypages function of the fs/nilfs2/page.c module of the Linux kernel NILFS2 file system support is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004327)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004327 advisory. In uvcparsestandardcontrol of uvcdriver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure wi...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002184)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002184 advisory. The dgramrecvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structu...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002467)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002467 advisory. Off-by-one error in the bpfjitcompile function in arch/x86/net/bpfjitcomp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003452)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003452 advisory. Race condition in the sndpcmperiodelapsed function in sound/core/pcmlib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial o...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003059)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003059 advisory. The movepages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003167)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003167 advisory. Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003061)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003061 advisory. An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xenfailsafecallback entry point in arch/x86/entry/entry64.S does not...
UBUNTU-CVE-2022-50851
In the Linux kernel, the following vulnerability has been resolved: vhostvdpa: fix the crash in unmap a large memory While testing in vIOMMU, sometimes Guest will unmap very large memory, which will cause the crash. To fix this, add a new function vhostvdpageneralunmap. This function will only...
CVE-2023-53821
CVE-2023-53821 pertains to the Linux kernel, addressing a slab-use-after-free in ip6_vti/decode_session6 when an IPv6 vti skb cb field is modified during enqueuing. The vulnerability could enable use-after-free during transmission via vti6_tnl_xmit path; the fix, per the advisory, is to set the s...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986470)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986470 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usb: fix possible use-after-free in smsc75xxbind The commit 46a8b29c6306 net: usb: fix memor...
DEBIAN-CVE-2025-38364
In the Linux kernel, the following vulnerability has been resolved: mapletree: fix MASTATEPREALLOC flag in maspreallocate Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request through masnodecountgfp, but...
The vulnerability of the manage_oob() function in the net/unix/af_unix.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the manageoob function in the net/unix/afunix.c module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...
UBUNTU-CVE-2024-56624
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix outfput in iommufdfaultalloc As fput calls the file-fop-release op, where fault obj and ictx are getting released, there is no need to release these two after fput one more time, which would result in imbalanced...
SUSE CVE-2024-26780
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix task hung while purging oobskb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in listforeachentrysafe for OOB skb. 0 syzbot demonstrated that the listforeachentrysafe was not actually...
The vulnerability of the ip_cmsg_recvchecksum function (net/ipv4/ip_sockglue.c) in the Linux operating system’s kernel allows a attacker to cause a service failure.
The vulnerability of the ipcmsgrecvchecksum function in the Linux kernel’s net/ipv4/ipsockglue.c file arises from a read operation that exceeds the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to trigger a service failure by using a specially crafted system cal...