CVE-2026-45837

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the arenavmclose function during a fork operation. This occurs because the child's Virtual Memory Area VMA is not correctly registered, leading to a dangling pointer. If a child process attempts to access this stale...

CVE-2026-45837

The CVE-2026-45837 issue affects the Linux kernel BPF arena memory management during fork. The root cause is that arena_vm_open() bumps mmap_count but does not register the child VMA in arena->vma_list, leaving vml->vma to point to the parent VMA. After the parent unmaps, a use-after-free c...

PT-2026-43671

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena vm close on fork arena vm open only bumps vml-mmap count but never registers the child VMA in arena-vma list. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangle...

OESA-2026-2418 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved:mm/mempolicy: fix migratetonode assuming there is at least one VMA in a MMWe currently assume that there is at least one VMA in a MM, which isn ttrue.So we might...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: mm/khugepaged: fixed → anonvma race If an -anonvma is attached to the VMA, the collapseandfreepmd function requires that it be locked. Page table traversal is allowed under either the mmap lock, the anonvma lock if the VMA is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rustbinder: Avoid reading the written value in the offset array. When sending a transaction, its offset array is first copied into the target process’s virtual memory area vma. Then, the values are read back from there. This is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rustbinder: Check ownership before using vma When installing missing pages or updating them, Rust Binder will look up the vma in the memory management unit by address, and then call vminsertpage or zappagerangesingle. However, if...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD After i915vmapinww is completed, a synchronous variant of dmafenceworkcommit is called. When pinning a VMA to GGTT address space on a Cherry View family processor...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/mseal: Correctly updates VMA end during merges. Previously, we stored the end of the current VMA in currend. When iterating to the next VMA, we updated currstart to currend to proceed to the next VMA. However, this approach do...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021605)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021605 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix migratetonode assuming there is at least one VMA in a MM We currently assume th...

Linux Distros Unpatched Vulnerability : CVE-2026-43434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: rustbinder: check ownership before using vma When installing missing pages or zapping them,...

CVE-2026-43433

A flaw was found in the Linux kernel's rustbinder component. If a local process gains the ability to write to its own virtual memory area VMA, it could exploit a time-of-check to time-of-use TOCTOU vulnerability. This allows the process to alter the offsets array during a transaction before it is...

CVE-2026-43434

In the Linux kernel, the following vulnerability has been resolved: rustbinder: check ownership before using vma When installing missing pages or zapping them, Rust Binder will look up the vma in the mm by address, and then call vminsertpage or zappagerangesingle. However, if the vma is closed an...

CVE-2026-43433

In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read back from there. This is normally fine because th...

CVE-2026-43434

In the Linux kernel, the following vulnerability has been resolved: rustbinder: check ownership before using vma When installing missing pages or zapping them, Rust Binder will look up the vma in the mm by address, and then call vminsertpage or zappagerangesingle. However, if the vma is closed an...

CVE-2026-43433

In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read back from there. This is normally fine because th...

UBUNTU-CVE-2026-43434

In the Linux kernel, the following vulnerability has been resolved: rustbinder: check ownership before using vma When installing missing pages or zapping them, Rust Binder will look up the vma in the mm by address, and then call vminsertpage or zappagerangesingle. However, if the vma is closed an...

CVE-2026-43433 rust_binder: avoid reading the written value in offsets array

In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read back from there. This is normally fine because th...

CVE-2026-43433

In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read back from there. This is normally fine because th...

PT-2026-39095

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in Rust Binder where the system fails to verify ownership before using a Virtual Memory Area VMA. When installing or zapping missing pages, Rust Binder looks up the VMA b...