267 matches found
CVE-2026-53311
In the Linux kernel, the following vulnerability has been resolved: fuse: fix uninit-value in fusedentryrevalidate fusedentryrevalidate may be called with a dentry that didn't had -dtime initialised. The issue was found with KMSAN, where lookupopen calls dalloc, followed by drevalidate, as shown...
PT-2026-52338
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where an uninitialized stack variable is used within the rseq exit user update function. This occurs because the evaluation order of expressions in an initializer list is...
CVE-2026-52985
CVE-2026-52985 concerns the Linux kernel in the netdevsim feature, where the IP header in a dummy skb was not zero-initialized in nsim_dev_trap_skb_build. The issue arises from using skb_put instead of skb_put_zero, leading to uninitialized values in the IP header and potential memory/safety impl...
CVE-2026-46169
The CVE-2026-46169 case concerns the Linux kernel HFS Plus (HFS+) filesystem. The root cause is that hfs_brec_read() validates only that entrylength fits a buffer but does not confirm that the on-disk catalog record size matches the expected type, allowing partial reads on corrupted filesystems. ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ethtool: Fixed an issue where the uninitialized number of lanes was used. It is not possible to set the number of lanes when adjusting link modes using the legacy IOCTL ethtool interface. Since the structure struct...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: net/9p: Fixed an issue related to uninit-value in p9clientrpc. Syzbot, with the help of KMSAN, reported the following errors: BUG: KMSAN: uninit-value in trace9pclientres, include/trace/events/9p.h:146 inline BUG: KMSAN:...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: ath9khtc: fixed uninitialized values issues Syzbot reported 2 KMSAN bugs in ath9k. All of these bugs are caused by missing field initialization. In htcconnectservice, svcmetalen and pad are not initialized. Based on the code, ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netlink: added nla be16/32 types to the minlen array BUGs: KMSAN: uninit-value in nlavalidaterangeunsigned, lib/nlattr.c:222 inline BUGs: KMSAN: uninit-value in nlavalidateintrange, lib/nlattr.c:336 inline BUGs: KMSAN:...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: llc: Support for ETHPTR8022 has been removed. The syzbot reported a bug related to uninit-values. 0 llc previously supported ETHP8022 0x0004 and also ETHPTR8022 0x0011. The syzbot exploited this to trigger the bug. The code us...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: hfs: fixed the issue where fields of hfs inodeinfo were initialized after hfsallocinode Syzbot reports an issue with accessing uninitialized values as follows: loop0: detected a change in capacity from 0 to 64...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: virtio/vsock: Fixed an uninit-value issue in virtiotransportrecvpkt KMSAN reported the following uninit-value access issues: ===================================================== BUG: KMSAN: uninit-value in...
CVE-2026-43139
The CVE-2026-43139 entry concerns the Linux kernel xfrm6 subsystem. The issue arises in xfrm6_get_saddr() which does not check the return value of ipv6_dev_get_saddr(); when ipv6_dev_get_saddr() fails with -EADDRNOTAVAIL, saddr->in6 remains uninitialized and xfrm6_get_saddr() incorrectly retur...
CVE-2026-43036 net: use skb_header_pointer() for TCPv4 GSO frag_off check
In the Linux kernel, the following vulnerability has been resolved: net: use skbheaderpointer for TCPv4 GSO fragoff check Syzbot reported a KMSAN uninit-value warning in gsofeaturescheck called from netifskbfeatures 1. gsofeaturescheck reads iph-fragoff to decide whether to clear mangleidfeatures...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013764)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013764 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: idmouse: fix an uninit-value in idmouseopen In idmousecreateimage, if any ftipcommand fails,...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012995)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012995 advisory. In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplusdeletecat The syzbot reported issue in...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: fix error handling of usbnet read calls Syzkaller, with the help of syzbot, identified an error in the aqc111 driver. This error was caused by incomplete sanitization of the results of usbnet read calls. This...
SUSE CVE-2025-68751
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpuvstl A false-positive kmsan report is detected when running ping command. An inline assembly instruction 'vstl' can write varied amount of bytes depending on value of 'index'...
CVE-2025-68751
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpuvstl A false-positive kmsan report is detected when running ping command. An inline assembly instruction 'vstl' can write varied amount of bytes depending on value of 'index'...
CVE-2025-68751
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpuvstl A false-positive kmsan report is detected when running ping command. An inline assembly instruction 'vstl' can write varied amount of bytes depending on value of 'index'...
CVE-2025-68751 s390/fpu: Fix false-positive kmsan report in fpu_vstl()
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpuvstl A false-positive kmsan report is detected when running ping command. An inline assembly instruction 'vstl' can write varied amount of bytes depending on value of 'index'...