Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: wwan: mhi: A memory leak has been fixed in the mhimbimdellink function. The MHI driver registers the network device without setting the needsfreenetdev flag. Additionally, it does not call freenetdev when unregistering the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Remove the “MHI autoqueue” feature for IPCR DL channels. The MHI stack provides the “autoqueue” feature, which allows the MHI stack to automatically queue buffers for the RX path DL channels. Although this feature...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop the channel lock before queuing buffers. Ensure that read and write locks for the channel are not acquired consecutively by dropping the read lock from parsexferevent. This allows a callback provided to the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: mhi: Fixed a memory leak in mhinetdellink. The MHI driver registers the network device without setting the needsfreenetdev flag, and does not call freenetdev when unregistering the network device. This results in a memory...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host – Added an alignment check for the event ring read pointer. Although we check the event ring read pointer using “isvalidringptr” to ensure it is within the buffer range, there is another risk that the pointer might...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ath11k: mhi: use mhisyncpowerup If amss.bin is missing, ath11k will crash during the ‘rmmod ath11kpci’ command. The reason for this is that we were using mhipowerup, which does not check for any errors. However, mhisyncpowerup do...

EUVD-2025-209675

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI autoqueue feature for IPCR DL channels MHI stack offers the 'autoqueue' feature, which allows the MHI stack to auto queue the buffers for the RX path DL channel. Though this feature simplifies the client...

CVE-2025-71285

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI autoqueue feature for IPCR DL channels MHI stack offers the 'autoqueue' feature, which allows the MHI stack to auto queue the buffers for the RX path DL channel. Though this feature simplifies the client...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition in the MHI autoqueue function within the qtrr module on the IPCR DL channel. Thi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - bus: mhi: core: Fixed an invalid error that was returned in mhiqueue. - mhiqueue returns an error when the doorbell is not accessible in the current state. This can occur when the device is in a non-M0 state, such as M3, and...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – decreasing the MHI channel buffer length to 8KB Currently, the buflen field of ath11kmhiconfigqca6390 is set to 0, causing MHI to use the default size of 64KB to allocate channel buffers. This may lead to failures ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if the client driver is available. For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if the client driver is available. Otherwise, it will result in a null...

CLSA-2026-1771239384 kernel: Fix of 75 CVEs

net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit CVE-2025-39766 - NFSD: Avoid calling OPDESC with ops-opnum == OPILLEGAL CVE-2023-53680 - scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow CVE-2023-53676 - KVM: x86: use arrayindexnospec with indices that come from...

CLSA-2026-1771081379 kernel: Fix of 76 CVEs

HID: core: ensure the allocated report buffer can contain the reserved report ID CVE-2025-38495 - fs/proc: fix uaf in procreaddirde CVE-2025-40271 - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer CVE-2025-40269 - Bluetooth: ISO: Fix possible UAF on isoconnfree CVE-2025-40141 -...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38429)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38429 advisory. - In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Update read pointer only...

ROS-20260120-73-0007

A vulnerability in the mhi component of the Linux operating system kernel is related to insufficient blocking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Linux Distros Unpatched Vulnerability : CVE-2023-54249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bus: mhi: ep: Only send -ENOTCONN status if client driver is available For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if...

SUSE CVE-2023-54249

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if client driver is available For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if client driver is available. Otherwise, it will result in null pointer...

CVE-2023-54249

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if client driver is available For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if client driver is available. Otherwise, it will result in null pointer...

CVE-2023-54249

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if client driver is available For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if client driver is available. Otherwise, it will result in null pointer...