152 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure that we do not read beyond the ELF header. When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand. However, this is not necessary for other clients. The size of the firmware...

5.5 CVSS | 6.8 AI score | 0.00021 EPSS
Exploits 0 | References 2
AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: fs: Fixed the UAF/GPF bug in nilfs_mdt_destroy. In alloc_inode, inode_init_always might return -ENOMEM if security_inode_alloc fails, which results in inode->i_private being uninitialized. As a consequence, nilfs_is_metadata_file_inode...

7.8 CVSS | 5.5 AI score | 0.00015 EPSS
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in linux-5.10, linux-5.15, linux

A use-after-free flaw in the NILFS file system in the Linux kernel was discovered. This flaw causes the function security_inode_alloc to fail, leading to a call to the nilfs_mdt_destroy function. A local user could exploit this flaw to crash the system or potentially escalate their privileges...

7.8 CVSS | 6.8 AI score | 0.0008 EPSS
Exploits 0 | References 2
Redos
added 2026/04/08 12:0 a.m. | 5 views

ROS-20260408-73-0026

A vulnerability in the drivers/soc/qcom/mdt_loader.c component of the Linux kernel is related to buffer copying without input data validation. Exploitation of the vulnerability allows an intruder to gain unauthorized access to protected information...

5.5 CVSS | 6.3 AI score | 0.00021 EPSS
Exploits 0
Tenable Nessus
added 2026/03/25 12:0 a.m. | 3 views

Oracle Linux 7 : kernel (ELSA-2026-3685)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3685 advisory. - ext4: fix use-after-free in ext4_orphan_cleanup CVE-2022-50673 Orabug: 39036029 - Squashfs: check return result of sb_min_blocksize CVE-2025-38415 Orabug...

8.8 CVSS | 7.2 AI score | 0.03752 EPSS
Exploits 3 | References 10
Tenable Nessus
added 2026/03/06 12:0 a.m. | 5 views

Oracle Linux 7 : kernel (ELSA-2026-1581)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-1581 advisory. - e1000e: fix heap overflow in e1000_set_eeprom CVE-2025-39898 Orabug: 38904071 - i40e: fix idx validation in config queues msg CVE-2025-39971 Orabug:...

8.8 CVSS | 6.4 AI score | 0.00135 EPSS
Exploits 9 | References 3
Tenable Nessus
added 2026/02/19 12:0 a.m. | 5 views

Oracle Linux 7 : kernel (ELSA-2026-0755)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0755 advisory. - scsi: ses: Fix possible desc_ptr out-of-bounds accesses CVE-2023-53675 Orabug: 38860426 - ipv6: Fix out-of-bounds access in ipv6_find_tlv CVE-2023-53705...

8.8 CVSS | 7.4 AI score | 0.00135 EPSS
Exploits 9 | References 5
Oracle linux
added 2026/02/17 12:0 a.m. | 12 views

kernel security update

3.10.0-1160.119.1.0.17 - scsi: ses: Fix possible desc_ptr out-of-bounds accesses CVE-2023-53675 Orabug: 38860426 - ipv6: Fix out-of-bounds access in ipv6_find_tlv CVE-2023-53705 Orabug: 38860426 - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue too CVE-2025-37823 Orabug: 38860426 - libceph: fix...

7.8 CVSS | 8.4 AI score | 0.01125 EPSS
Exploits 9
Tenable Nessus
added 2026/02/16 12:0 a.m. | 3 views

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2025-39787)

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...

5.5 CVSS | 5.5 AI score | 0.00021 EPSS
Exploits 0 | References 2
OSV
added 2026/01/21 12:17 p.m. | 0 views

SUSE-SU-2026:0200-1 Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.275 fixes various security issues. The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev return value bsc1254451. - CVE-2022-50367: fs: fix UAF/GPF bug in nilfs_mdt_destroy bsc1250280. -...

7.8 CVSS | 6.3 AI score | 0.00058 EPSS
Exploits 0 | References 11
OSV
added 2026/01/20 8:9 a.m. | 8 views

CLSA-2026-1768110920 kernel: Fix of 16 CVEs

crypto: lzo - Fix compression buffer overrun CVE-2025-38068 - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work CVE-2025-39863 - NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-43945 - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). CVE-2025-40186 - can:...

7.8 CVSS | 6 AI score | 0.00223 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2026/01/13 12:0 a.m. | 3 views

MiracleLinux 9 : kernel-5.14.0-611.9.1.el9_7 (AXSA:2025-11506:95)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11506:95 advisory. kernel: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails CVE-2022-50087 kernel: sunrpc: fix client side handling of tls alerts...

7.8 CVSS | 7.5 AI score | 0.00106 EPSS
Exploits 0 | References 23
Tenable Nessus
added 2026/01/13 12:0 a.m. | 3 views

MiracleLinux 9 : kernel-5.14.0-570.60.1.el9_6 (AXSA:2025-11090:87)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11090:87 advisory. kernel: ipv6: sr: Fix MAC comparison to be constant-time CVE-2025-39702 kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy CVE-2022-50367 kernel: crypt...

7.8 CVSS | 7 AI score | 0.00035 EPSS
Exploits 0 | References 4
RedhatCVE
added 2026/01/09 10:8 a.m. | 5 views

CVE-2019-20430

In the Lustre file system before 2.12.3, the mdt module has an LBUG panic via a large MDT Body eadatasize field due to the lack of validation for specific fields of packets sent by a client...

7.8 CVSS | 6.9 AI score | 0.00664 EPSS
Exploits 1 | References 1
F5 Networks
added 2025/12/31 9:3 p.m. | 5 views

K000158972: Linux kernel (nilfs) vulnerability CVE-2022-50367

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always could return -ENOMEM if security_inode_alloc fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode return...

7.8 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits 0
Tenable Nessus
added 2025/12/31 12:0 a.m. | 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992818)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992818 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always could return -ENOMEM if...

7.8 CVSS | 6.4 AI score | 0.00015 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2025/12/30 12:0 a.m. | 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992418)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992418 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always could return -ENOMEM if...

7.8 CVSS | 6.4 AI score | 0.00015 EPSS
Exploits 0 | References 4
RedHat Linux
added 2025/12/22 5:42 p.m. | 2 views

kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy

In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always could return -ENOMEM if security_inode_alloc fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode returns true and nilfs_free_inode...

7.8 CVSS | 6.8 AI score | 0.00015 EPSS
Exploits 0 | References 5
RedHat Linux
added 2025/12/22 5:4 p.m. | 2 views

Moderate: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.8 CVSS | 7.1 AI score | 0.00024 EPSS
Exploits 0 | References 12
RedHat Linux
added 2025/12/22 5:4 p.m. | 2 views

kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy

In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always could return -ENOMEM if security_inode_alloc fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode returns true and nilfs_free_inode...

7.8 CVSS | 6.8 AI score | 0.00015 EPSS
Exploits 0 | References 5