555 matches found
kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...
DEBIAN-CVE-2026-53319
In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...
CVE-2026-53230
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix slab-out-of-bounds in mlx5querynicvportmaclist mlx5querynicvportmaclist sizes its firmware command buffer using the PF's logmaxcurrentuc/mclist capabilities. When querying a VF vport with a larger configured max via...
UBUNTU-CVE-2026-53246
In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...
EUVD-2026-39217
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...
EUVD-2026-39291
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...
CVE-2026-53191
CVE-2026-53191 affects the Linux kernel io_uring/net path. In bundle recv retries (with incremental mode and provided buffer rings IOU_PBUF_RING_INC), a memory handling bug caused IORING_CQE_F_BUF_MORE to be dropped during flag merge, allowing the kernel to leave a stale BUF_MORE in carried flags...
EUVD-2026-38849
In the Linux kernel, the following vulnerability has been resolved: neigh: let neighxmit take skb ownership neighxmit always releases the skb, except when no neighbour table is found. But even the first added user of neighxmit mpls relied on neighxmit to release the skb or queue it for tx. sashik...
CVE-2026-53045 memory: tegra124-emc: Fix dll_change check
In the Linux kernel, the following vulnerability has been resolved: memory: tegra124-emc: Fix dllchange check The code checking whether the specified memory timing enables DLL in the EMRS register was reversed. DLL is enabled if bit A0 is low. Fix the check...
CVE-2026-52981
CVE-2026-52981 concerns a Linux kernel issue in neigh_xmit: when called with an uninitialized neighbor table (e.g., NEIGH_ND_TABLE with IPv6 disabled), neigh_xmit can return -EAFNOSUPPORT without releasing the skb, risking a memory leak. The fix removes the remaining code path that could neither ...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: kcm: fixed zero-frag skb in fraglist in case of partial sendmsg errors Syzkaller reported a warning in kcmwritemsgs when processing a message with a zero-fragment skb in the fraglist. When kcmsendmsg fills MAXSKBFRAGS fragments i...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Media: imon: Make sendpacket more robust syzbot reports that imon has three problems that result in hung tasks due to continuously holding the device lock 1. The first problem is that when usbrxcallbackintf0 receives an -EPROT...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: 6lowpan: resetting the link-local header in the IPv6 receive path The Bluetooth 6lowpan.c netdev module has the headerops function; therefore, it must set the link-local header for the RX skb packet. Otherwise, thin...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: enetc: Deny offloading of tc-based TSN features on VF interfaces TSN features on the ENETC taprio, cbs, gate, police are configured through a combination of command BD ring messages and port registers: enetcportrd,...
Siemens RUGGEDCOM RST2428P Improper Update of Reference Count (CVE-2025-40251)
In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devlratenodesdestroy The function devlratenodesdestroy is documented to Unset parent for all rate objects. However, it was only calling the driver-specific rateleafparentset or...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-71191)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: athdmac: fix device leak on ofdmaxlate Make sure to drop the reference taken when looking up the DMA platform device during ofdmaxlate when releasing channel resources. Note that commit 3832b78b3ec2 dmaengine: athdmac:...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23111)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix inverted genmask check in nftmapcatchallactivate nftmapcatchallactivate has an inverted element activity check compared to its non-catchall counterpart nftmapelemactivate and compared to what is logically...
Siemens RUGGEDCOM RST2428P Multiple Releases of Same Resource or Handle (CVE-2025-40261)
In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrl nvmefcdeleteassocation waits for pending I/O to complete before returning, and an error can cause -ioerrwork to be queued after cancelworksync had been called. Mov...
SUSE CVE-2026-46285
In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3release In docg3release, the docg3 pointer is obtained from cascade-floors0-priv before the loop that calls docreleasedevice on each floor. docreleasedevice frees the docg3 struct via...
CVE-2026-46307 wifi: ath5k: do not access array OOB
In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: The ath5k driver seems to do an array-index-out-of-bounds access as shown by the UBSAN kernel message: UBSAN: array-index-out-of-bounds in...