Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Lag – Check for LAG devices before creating debugfs. The function mlx5lagdevaddmdev may return 0 success even when an error occurs, but this error is handled gracefully. As a result, the initialization process continues...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed an issue where the HCAPORTS component was unregistered twice. Clear the hcadevcomcomp field in the device’s private data after unregistering it during the LAG teardown. Otherwise, a slightly delayed second pass...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Fixed a crash that occurs when switching to switchdev mode. When switching to switchdev mode if the device does not support IPsec, we attempt to clean up the IPsec resources anyway, which causes the crash. This issue...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/mlx5: Fixed an issue where a source warning occurred when accessing the Eth segment. ------------ Cut here ------------ memcpy: A field-spanning write was detected size 56 for the single field “eseg-inlinehdr.start” at...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed a possible use-after-free in the async command interface The mlx5cmdcleanupasyncctx function should only return after all its callback handlers are completed. Before this patch, there was a race between...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005643)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005643 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Return the firmware result upon destroying QP/RQ Previously when destroying a QP/RQ, t...

Unbreakable Enterprise kernel security update

6.12.0-107.59.3.4 - mptcp: fix a race in mptcppmdeladdtimer Eric Dumazet Orabug: 38932996 CVE-2025-40257 - tls: Use skdstget and dstdevrcu in getnetdevforsock. Kuniyuki Iwashima Orabug: 38932973 CVE-2025-40149 - mptcp: fix race condition in mptcpschedulework Eric Dumazet Orabug: 38932955...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...

ROS-20260126-73-0002

A vulnerability in the RDMA/mlx5 component of the Linux operating system kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Do not block PCI config accesses through pcicfgaccesslock when executing the s390 variant of PCI error recovery. Instead, use devicelock instead of pcidevlock...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from repeated deregistration of the HCAPORTS component in the mlx5 driver, which could lead to reuse after releas...

EUVD-2023-60418

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix invalid buffer access for legacy rq The below crash can be encountered when using xdpsock in rx mode for legacy rq: the buffer gets released in the XDPREDIRECT path, and then once again in the driver. This fix...

SUSE CVE-2025-40350

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdpbuff for striding RQ XDP programs can change the layout of an xdpbuff through bpfxdpadjusttail and bpfxdpadjusthead. Therefore, the driver cannot assume the size of the linear...

EUVD-2025-201221

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec cleanup over MPV device When we do mlx5edetachnetdev we eventually disable blocking events notifier, among those events are IPsec MPV events from IB to core. So before disabling those blocking events, make sur...

EUVD-2022-55383

Malicious code in bioql PyPI...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_6

This update for kernel-livepatch-MICRO-6-0-RTUpdate6 fixes the following issues: CVE-2025-38177: kernel: schhfsc: make hfscqlennotify idempotent bsc1246356 CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow bsc1245685 CVE-2025-38181: calipso: fix null-ptr-deref in...

CVE-2023-53393

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5ibgethwstats when used for device Currently, when mlx5ibgethwstats is used for device portnum = 0, there is a special handling in order to use the correct counters, but, portnum is being passed down the stack...

PT-2025-38372

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc4 for upstream base 2022 11 10 16 12 1 Description A flaw exists in the Linux kernel's RDMA/mlx5 subsystem related to the handling of port numbers within the mlx5 ib get hw stats function. Specifically,...

CVE-2023-53347 net/mlx5: Handle pairing of E-switch via uplink un/load APIs

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Handle pairing of E-switch via uplink un/load APIs In case user switch a device from switchdev mode to legacy mode, mlx5 first unpair the E-switch and afterwards unload the uplink vport. From the other hand, in case use...

CVE-2025-39832

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix lockdep assertion on sync reset unload event Fix lockdep assertion triggered during sync reset unload event. When the sync reset flow is initiated using the devlink reload fwactivate option, the PF already holds the...