Linux Distros Unpatched Vulnerability : CVE-2026-46325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGESIZE The current implementation incorrectly handles memory regions MRs with page sizes different fr...

Exploit for Write-what-where Condition in Linux Linux_Kernel

Dirty Frag: Universal Linux LPE Abstract This document e...

CVE-2026-43427

The CVE covers a Linux kernel issue in the usb: class: cdc-wdm read path. Due to compiler optimization or CPU out-of-order execution, desc->length could be updated after a memmove, causing wdm_read() to observe a new length and copy_to_user() from uninitialized memory, violating LKMM data race...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: riscv: The issue with the handling of SRSPIE set/clear operations during uprobe has been fixed. In riscv, the process of uprobe involves clearing the SPIE before executing the original instruction, and setting the SPIE after...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed the inode leak in btrfsiget. BUG There is a bug report that a syzbot reproducer can lead to the following busy inode at unmount time: - BTRFS info: Last unmount of the filesystem 1680000e-3c1e-4c46-84b6-56bd3909af50 ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Bail out from dwc3gadgetexit if dwc-gadget is NULL. There exists a possible scenario in which dwc3gadgetinit may fail: during the switch between peripheral and host modes in dwc3setmode, and if a pending gadget...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: hamradio: Fixed a memory leak in mkissclose. My local syzbot instance encountered a memory leak in mkissopen1. The issue arose from the missing freenetdev call in mkissclose. In mkissopen, netdevice is allocated and then...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: jfs: fixed an array-index-out-of-bounds issue in diNewExt Syz report UBSAN: array-index-out-of-bounds in fs/jfs/jfsimap.c:2360:2 Index -878706688 is out of range for the type 'struct iagctl128' CPU: 1 PID: 5065 Comm:...

Exploit for CVE-2026-31431

CVE-2026-31431 Copy Fail – a 4‑byte page‑cache write prim...

PT-2026-35872

Name of the Vulnerable Software and Affected Versions xen affected versions not specified Description Security issues were identified and addressed in the xen-4.21.1 04-1.1 package on the GA media of openSUSE Tumbleweed. Recommendations Update to the xen-4.21.1 04-1.1 package...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010787)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010787 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy target device if coalesced MMIO unregistration fails Destroy and free the target...

ROS-20260313-73-0041

A vulnerability in the l2capsockresumecb function of the Bluetooth component of the Linux operating system kernel is related to post-release usage errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005711)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005711 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sitbitmapsize w/ below testcase, resize will generate a corrupted...

kernel: Bluetooth: hci_event: call disconnect callback before deleting conn

A flaw was found in the Linux kernel in which a callback is not called when a Bluetooth peripheral is disconnected. This flaw leads to a use-after-free, which an attacker could use to escalate their privileges, corrupt system memory, or otherwise cause a denial of service...

CVE-2026-23010 ipv6: Fix use-after-free in inet6_addr_del().

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6addrdel. syzbot reported use-after-free of inet6ifaddr in inet6addrdel. 0 The cited commit accidentally moved ipv6deladdr for mngtmpaddr before reading its ifp-flags for temporary addresses in...

CVE-2026-22976

CVE-2026-22976 affects the Linux kernel’s net/sched sch_qfq, where two qfq_class objects can reference the same leaf_qdisc. In certain teardown paths (e.g., when a qdisc is pending destruction via tc_new_tfilter and another qdisc is root-attached), a shared leaf_qdisc may have q.qlen > 0 while...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001396)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001396 advisory. ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero. Tenable...

Siemens Ruggedcom ROX Use After Free (CVE-2021-47361)

In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcballocbus There are two bugs: 1 If idasimpleget fails then this code calls putdevicecarrier but we haven't yet called getdevicecarrier and probably that leads to a use after free. 2 After...

UBUNTU-CVE-2022-50873

In the Linux kernel, the following vulnerability has been resolved: vdpa/vpvdpa: fix kfree a wrong pointer in vpvdparemove In vpvdparemove, the code kfree&vpvdpamgtdev-mgtdev.idtable uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this:...

UBUNTU-CVE-2022-50679

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix DMA mappings leak During reallocation of RX buffers, new DMA mappings are created for those buffers. steps for reproduction: while : do for i=0; i=8160; i=i+32 do ethtool -G enp130s0f0 rx $i tx $i sleep 0.5 ethtool -g...