71 matches found
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: lantiqetop: fixed a double-free condition in the “detach” operation. The number of descriptors that have been released so far is never incremented, which results in the same skb being released multiple times...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: lantiqgswip: Do not use devres for mdiobus As explained in the commits: 74b6d7d13307 “net: dsa: realtek: Register the MDIO bus using devres” 5135e96a3dd2 “net: dsa: Do not allocate the slavemiibus using devres” The...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Networks: Ethernet: lantiqetop – fixed memory disclosure issues. When padding packets, the buffer is not zeroed, resulting in memory disclosure. The affected data is visible on the network. This patch uses skbputpadto to properly...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: net: lantiq – Fix for memory corruption in the RX ring. In situations where memory allocation or DMA mapping fails, an invalid address may be programmed into the descriptor. This can lead to memory corruption. If memory allocatio...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiqgswip: Fixed the reference count leak in gswipgphyfwlist. In every iteration of foreachavailablechildofnode, the reference count of the previous node is decremented. When exiting the foreachavailablechildofnode lo...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiqgswip: The operation gswipremove should perform the ofnodeputpriv-ds-slavemiibus-dev.ofnode before calling mdiobusfreepriv-ds-slavemiibus...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005566)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005566 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiqetop: fix memory disclosure When applying padding, the buffer is not zeroed,...
Azure Linux 3.0 Security Update: kernel (CVE-2024-41046)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41046 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiqetop: fix double fr...
Linux Distros Unpatched Vulnerability : CVE-2025-62525
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using...
net: lantiq_xrx200: restore buffer if memory allocation failed
...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989311)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989311 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiqgswip: fix use after free in gswipremove ofnodeputpriv-ds-slavemiibus-dev.ofnode...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989805)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989805 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiqgswip: don't use devres for mdiobus As explained in commits: 74b6d7d13307 net: ds...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Sensitive Information in Resource Not Removed Before Reuse (CVE-2024-49997)
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiqetop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skbputpadto to pad Ethernet frames...
CVE-2025-62525
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting...
CVE-2025-62525
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting...
UBUNTU-CVE-2025-62525
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting...
CVE-2025-62525 OpenWrt vulnerable to local privilage escalation
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting...
CVE-2025-62525 OpenWrt vulnerable to local privilage escalation
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting...
CVE-2025-62525
CVE-2025-62525 affects OpenWrt pre-24.10.4. The vulnerability is in the ltq-ptm driver (DSL datapath) on lantiq targets (xrx200, danube, amazon SoCs) when DSL runs in PTM mode. Local users could read/write arbitrary kernel memory, potentially escaping containers/sandboxes. VRX518 DSL driver not a...
EUVD-2025-35592
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting...