136 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfrm: iptfs: fix ABBA deadlock in iptfsdestroystate iptfsdestroystate calls hrtimercancel while holding a spinlock that the timer callback also acquires, leadin...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix middle attribute validation in pushnsh action The pushnsh action structure looks like this: OVSACTIONATTRPUSHNSHOVSKEYATTRNSHOVSNSHKEYATTRBASE,... The outermost OVSACTIONATTRPUSHNSH attribute is validated by...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Apparmor: Fixed a side-effect bug in the use of the matchchar macro. The matchchar macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with str++, the string pointe...
EUVD-2026-38730
In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix OOB read in compatmtwfromuser Luxiao Xu says: The function compatmtwfromuser converts ebtables extensions from 32-bit user structures to kernel native structures. However, it lacks proper validation of th...
CVE-2026-46183
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect path kfree with damonsysfslock damonsysfsquotgoal-path can be read and written by users, via DAMON sysfs 'path' file. It can also be indirectly read, for the parameters on,offline committing to...
UBUNTU-CVE-2026-45915
In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect inlink e.g. 2 even though subdirectories exist. rmdir then unconditionally calls dropnlinkdir and can drive inlink...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not skip expired elements during walking. There is an asymmetry between the commit/abort phase and the preparation phase if the following conditions are met: 1. “set” is a verdict map “1.2.3.4 : jump foo”...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: can: peakpci: peakpciremove: fixed UAF. When removing the peekpci module, referencing chan again after releasing dev can lead to UAF. This issue was fixed by delaying the release of dev. The following log indicates this issue:...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed a null pointer access when the smcrreg pointer is NULL. In certain types of chips, such as VEGA20, reading the amdgpu regssmc file can lead to a null pointer access when the smcrreg pointer is NULL. Here are the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: virtioconsole: removed the anonymous moduleinit and moduleexit functions. These anonymous functions can cause confusion or ambiguity when reading the System.map file, or may lead to crashes, oopses, or bugs. Additionally, they...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: nixge: fixed NULL dereference issue. In the function nixgehwdmabdrelease, dereferencing a NULL pointer priv-rxbdv could occur in the case of an allocation failure in nixgehwdmabdinit. The for loop that dereferences...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: virtiopci: Fixed the cleanup of admin vq resources by using the correct info pointer. In vpmodernavqcleanup and vpdelvqs, the info pointer for admin vq resources is cleaned up using the virtiopcivqinfo pointer. However, the in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallowed reading of the vsyscall page for copyfromkernelnofault When attempting to use copyfromkernelnofault to read the vsyscall page through a bpf program, the following oops was reported: BUG: Unable to handle a page...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: setpageextentmapped after readfolio in btrfscontexpand. While attempting to run the subpage block size tests, I encountered the following panic in generic/476: Assertion failed: PagePrivatepage && page-private, in...
EUVD-2026-28778
In the Linux kernel, the following vulnerability has been resolved: unshare: fix unsharefs handling There's an unpleasant corner case in unshare2, when we have a CLONENEWNS in flags and current-fs hadn't been shared at all; in that case copymntns gets passed current-fs instead of a private copy,...
CVE-2026-43027 netfilter: nf_conntrack_helper: pass helper to expect cleanup
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackhelper: pass helper to expect cleanup nfconntrackhelperunregister calls nfctexpectiteratedestroy to remove expectations belonging to the helper being unregistered. However, it passes NULL instead of the help...
SUSE CVE-2026-23352
In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory efifreebootservices frees memory occupied by EFIBOOTSERVICESCODE and EFIBOOTSERVICESDATA using memblockfreelate. There are two issue with that: memblockfreelate should be used for...
SUSE CVE-2026-23159
In the Linux kernel, the following vulnerability has been resolved: perf: sched: Fix perf crash with new isusertask helper In order to do a user space stacktrace the current task needs to be a user task that has executed in user space. It use to be possible to test if a task is a user task or not...
CVE-2026-23124
CVE-2026-23124 is a Linux kernel IPv6 data-race issue in ndisc_router_discovery() where reads/writes to in6_dev->ra_mtu occur without proper synchronization. The race can occur during router advertisement MTU handling (mtu checks are noted but not yet enforced); the fix adds READ_ONCE()/WRITE_...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000589)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000589 advisory. Use-after-free vulnerability in the pathopenat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or...