Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drivers: perf: marvellcn10k: Fixed a leak in the hotplug callback in tadpmuinit. The tadpmuinit function does not remove the callback added by cpuhpsetupstatemulti when platformdriverregister fails. The callback must be remove...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: phy: marvell: a3700-comphy: Fix out-of-bounds read issue There is an out-of-bounds read access to gbePhyInitFixfixidx.addr during each iteration after fixidx reaches ARRAYSIZEgbePhyInitFix. Ensure that gbePhyInitaddr is used when...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa – Handles zero-length skcipher requests Do not access random memory for zero-length skcipher requests. Simply return 0...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: crypto: marvell/octeontx – prevents integer overflows The value of “codelength” comes from the firmware file. If your firmware is untrusted, there’s likely very little you can do to protect yourself. Nevertheless, we still try...

Metasploit Wrap-Up 05/15/2026

Weaponizing a text editor for fun and profit Gather round, dear readers, because today, we by we, we mean @h00die dropped the ultimate persistence mechanism: Vim plugin persistence. And honestly, calling it "persistence" feels redundant — Vim is already the most persistent thing ever. Somewhere,...

Marvell QConvergeConsole Path Traversal (CVE-2025-6793)

This module exploits a path traversal vulnerability CVE-2025-6793 in Marvell QConvergeConsole use auxiliary/gather/qconvergeconsoletraversal msf auxiliaryqconvergeconsoletraversal show actions ...actions... msf auxiliaryqconvergeconsoletraversal set ACTION msf auxiliaryqconvergeconsoletraversal...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: Fixed a NULL dereferencing on devlinkalloc failure. devlinkalloc may return NULL when allocation fails. However, presteradevlinkalloc will unconditionally call devlinkpriv on the returned pointer. This can...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mvsas: Fixed use-after-free bugs in mvsworkqueue. During the detachment of Marvell’s SAS/SATA controller, the original code calls canceldelayedwork within mvsfree to cancel the delayed work item mqw-workq. However, if...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013555)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013555 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/octeontx - prevent integer overflows The codelength value comes from the firmware...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010902)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010902 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/octeontx - prevent integer overflows The codelength value comes from the firmware...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007417)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007417 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvsworkqueue During the detaching of Marvell's SAS/SATA...

CVE-2026-23438

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: guard flow control update with globaltxfc in buffer switching mvpp2bmswitchbuffers unconditionally calls mvpp2bmpoolupdateprivfc when switching between per-cpu and shared buffer pool modes. This function programs CM3...

CVE-2026-23281

A flaw was found in the Linux kernel's Marvell Libertas Wi-Fi driver. This vulnerability, a use-after-free, occurs because the system does not properly synchronize the freeing of memory with ongoing timer operations. If a timer attempts to access resources after they have been released, it can le...

CVE-2026-23019

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix NULL dereference on devlinkalloc failure devlinkalloc may return NULL on allocation failure, but presteradevlinkalloc unconditionally calls devlinkpriv on the returned pointer. This leads to a NULL...

SUSE CVE-2026-23019

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix NULL dereference on devlinkalloc failure devlinkalloc may return NULL on allocation failure, but presteradevlinkalloc unconditionally calls devlinkpriv on the returned pointer. This leads to a NULL...

EUVD-2026-5075

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix NULL dereference on devlinkalloc failure devlinkalloc may return NULL on allocation failure, but presteradevlinkalloc unconditionally calls devlinkpriv on the returned pointer. This leads to a NULL...

CVE-2026-23019

CVE-2026-23019 describes a NULL dereference in the Linux kernel’s net: marvell: prestera code. The root cause is that prestera_devlink_alloc() calls devlink_priv() on the pointer returned by devlink_alloc() without verifying that the pointer is non-NULL; if allocation fails, this leads to a NULL ...

CVE-2026-23019

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix NULL dereference on devlinkalloc failure devlinkalloc may return NULL on allocation failure, but presteradevlinkalloc unconditionally calls devlinkpriv on the returned pointer. This leads to a NULL...

Linux Distros Unpatched Vulnerability : CVE-2026-23019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: marvell: prestera: fix NULL dereference on devlinkalloc failure devlinkalloc may return NULL on allocation failure, but presteradevlinkalloc unconditionall...

Azure Linux 3.0 Security Update: kernel (CVE-2024-35992)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35992 advisory. - In the Linux kernel, the following vulnerability has been resolved: phy: marvell: a3700-comphy: Fix out of...