40 matches found
Astra Linux - vulnerability in linux-5.10
A flaw was discovered in the pfn_swap_entry_to_page function within the memory management subsystem of the Linux kernel. In this flaw, an attacker with local user privileges may cause a denial-of-service attack due to a BUG statement that references pmd_t x...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: Fixed to avoid mapping the wrong physical block for the swapfile. Xiaolong Guo reported a bug related to f2fs in bugzilla [1]. [1] https://bugzilla.kernel.org/show_bug.cgi?id=220951 Quoted: “When using the stress-ng swap stress...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/rds: fixed the possible null dereference of cp. The cp parameter may be null. Calling cp->cp_conn would result in a null dereference. Simon Horman adds: Analysis: cp is a parameter of __rds_rdma_map and is not reassigned. The...
GHSA-F6QQ-3M3H-4G42 auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation
Summary The Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. In practice, this means all Patreon-authenticated users of an application using this library are collapsed into a...
CVE-2026-23233
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for swapfile Xiaolong Guo reported a f2fs bug in bugzilla [1] [1] https://bugzilla.kernel.org/show_bug.cgi?id=220951 Quoted: "When using stress-ng's swap stress test on F2FS filesystem...
CVE-2026-23233 f2fs: fix to avoid mapping wrong physical block for swapfile
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for swapfile Xiaolong Guo reported a f2fs bug in bugzilla [1] [1] https://bugzilla.kernel.org/show_bug.cgi?id=220951 Quoted: "When using stress-ng's swap stress test on F2FS filesystem...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002449)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002449 advisory. The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, whic...
CVE-2023-54253
The CVE describes a Linux kernel bug in Btrfs relocation: calling set_page_extent_mapped before validating the folio/page can trigger a kernel BUG during relocate_one_page. The fix, as noted in the description, is to move set_page_extent_mapped to after the btrfs_read_folio block so the subpage b...
CVE-2025-40006 mm/hugetlb: fix folio is still mapped when deleted
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix folio is still mapped when deleted Migration may be raced with fallocating hole. remove_inode_single_folio will unmap the folio if the folio is still mapped. However, it's called without folio lock. If the folio is...
Linux Distros Unpatched Vulnerability : CVE-2025-39717
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE As described in commit...
Linux Distros Unpatched Vulnerability : CVE-2024-34777
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioct...
Linux Distros Unpatched Vulnerability : CVE-2019-9213
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kern...
Linux Distros Unpatched Vulnerability : CVE-2025-38088
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap memtrace mmap issue has a...
Linux Distros Unpatched Vulnerability : CVE-2024-53116
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the...
CVE-2024-53116 drm/panthor: Fix handling of partial GPU mapping of BOs
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings. Panthor didn't correctly handle the case where t...
DEBIAN-CVE-2024-50295
In the Linux kernel, the following vulnerability has been resolved: net: arc: fix the device for dma_map_single/dma_unmap_single The ndev->dev and pdev->dev aren't the same device, use ndev->dev.parent which has dma_mask, ndev->dev.parent is just pdev->dev. Or it would cause the following issue: 39.933526...
Medium: amazon-ecr-credential-helper
Issue Overview: The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 Affected Packages: amazon-ecr-credential-helper Note: This advisory is...
DEBIAN-CVE-2024-46838
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: don't BUG_ON if khugepaged yanks our page table Since khugepaged was changed to allow retracting page tables in file mappings without holding the mmap lock, these BUG_ONs are wrong - get rid of them. We could also remo...
SUSE-SU-2024:1646-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2019-25160: Fixed out-of-bounds memory accesses in netlabel (bsc#1220394). - CVE-2021-46904: Fixed NULL pointer dereference during tty device unregistration...
Exploit for Improper Ownership Management in Debian Debian_Linux
A flaw was found in the Linux kernel, where unauthorized access...