CVE-2026-46013

mm/memfdluo: fix physical address conversion in putfolios cleanup...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/memfd: Fixed an issue where information leaks occurred during the handling of hugetlb folios. When allocating hugetlb folios for memfd, three initialization steps are missing: 1. The folios are not zeroed, resulting in kern...

CVE-2026-43389

In the Linux kernel, the following vulnerability has been resolved: mm: memfdluo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed under memory pressure. memfd preservation with LUO saves t...

CVE-2026-43389 mm: memfd_luo: always dirty all folios

In the Linux kernel, the following vulnerability has been resolved: mm: memfdluo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed under memory pressure. memfd preservation with LUO saves t...

PT-2026-39050

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the memfd luo component where the preservation of folios units of memory management does not correctly track their dirty state. A dirty folio is one that has been...

Incorrect Permission Assignment for Critical Resource

Overview @anthropic-ai/sdk is a The official TypeScript library for the Anthropic API Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the BetaLocalFilesystemMemoryTool that creates memory files and directories using the Node.js default...

CVE-2026-23375

In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files on anonymous inodes filethpenabled incorrectly allows THP for files on anonymous inodes e.g. guestmemfd and secretmem. These files are created via allocfilepseudo, which does not call getwriteaccess an...

UBUNTU-CVE-2026-23375

In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files on anonymous inodes filethpenabled incorrectly allows THP for files on anonymous inodes e.g. guestmemfd and secretmem. These files are created via allocfilepseudo, which does not call getwriteaccess an...

CVE-2026-23375 mm: thp: deny THP for files on anonymous inodes

In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files on anonymous inodes filethpenabled incorrectly allows THP for files on anonymous inodes e.g. guestmemfd and secretmem. These files are created via allocfilepseudo, which does not call getwriteaccess an...

EUVD-2025-206529

An out-of-bounds read in the mkptrtobuf in mkcore function mkmemory.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

CVE-2025-68810

In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVMMEMGUESTMEMFD on an existing memslot Reject attempts to disable KVMMEMGUESTMEMFD on a memslot that was initially created with a guestmemfd binding, as KVM doesn't support toggling KVMMEMGUESTMEMFD on...

CVE-2021-0520

In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

PT-2026-27740

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the mm/thp subsystem related to transparent huge pages THP. The file thp enabled function incorrectly permits THP for files residing on anonymous...

CVE-2025-15113

Ksenia Security lares legacy model Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary...

CVE-2025-15113

Ksenia Security Lares 4.0 Home Automation (version 1.6) is affected by CVE-2025-15113 due to an unprotected endpoint that lets authenticated attackers upload MPFS File System binary images. This can overwrite flash memory and potentially execute arbitrary code on the web server. Exploitation deta...

Ksenia Security Lares 4.0 Home Automation 安全漏洞

Ksenia Security Lares 4.0 Home Automation is an intelligent security and home automation control platform from Ksenia Security, Italy. A security vulnerability exists in Ksenia Security Lares 4.0 Home Automation version 1.6, which originates from an unprotected endpoint, and could allow an...

SUSE CVE-2025-68292

In the Linux kernel, the following vulnerability has been resolved: mm/memfd: fix information leak in hugetlb folios When allocating hugetlb folios for memfd, three initialization steps are missing: 1. Folios are not zeroed, leading to kernel memory disclosure to userspace 2. Folios are not marke...

EUVD-2025-203788

In the Linux kernel, the following vulnerability has been resolved: mm/memfd: fix information leak in hugetlb folios When allocating hugetlb folios for memfd, three initialization steps are missing: 1. Folios are not zeroed, leading to kernel memory disclosure to userspace 2. Folios are not marke...

CVE-2025-68292 mm/memfd: fix information leak in hugetlb folios

In the Linux kernel, the following vulnerability has been resolved: mm/memfd: fix information leak in hugetlb folios When allocating hugetlb folios for memfd, three initialization steps are missing: 1. Folios are not zeroed, leading to kernel memory disclosure to userspace 2. Folios are not marke...

CVE-2025-68292

The CVE-2025-68292 issue concerns the Linux kernel memfd hugetlb folio allocation. A path used by memfd bypassed the normal page fault handler (hugetlb_no_page), omitting three initialisation steps that could leak kernel memory or cause races: (1) folios not zeroed, risking information disclosure...