325 matches found
SUSE CVE-2026-45837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
CVE-2026-45837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
UBUNTU-CVE-2026-45837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
CVE-2026-45837 bpf: Fix use-after-free in arena_vm_close on fork
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
CVE-2026-45837
The CVE-2026-45837 issue affects the Linux kernel BPF arena memory management during fork. The root cause is that arena_vm_open() bumps mmap_count but does not register the child VMA in arena->vma_list, leaving vml->vma to point to the parent VMA. After the parent unmaps, a use-after-free c...
CVE-2026-45837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
EUVD-2026-32163
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
PT-2026-43671
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena vm close on fork arena vm open only bumps vml-mmap count but never registers the child VMA in arena-vma list. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangle...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm/mremap: fixed the WARN message emitted by uffd when remap events are disabled. Registering userfaultd on a VMA that spans at least one PMD and then using mremap can trigger a WARN message when recovering from a failed page...
Astra Linux - уязвимость в linux-5.10, linux
The mm/mremap.c file in the Linux kernel before version 5.13.3 contains a use-after-free issue due to a stale Translation Look-And-Reduce TLB table, as the rmap lock is not held during a PUD move...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed the remap of the arena. The BPF arena logic did not account for the mremap operation. Added a reference count for multiple mmap events to prevent use-after-free in arenavmclose...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: “aio”: fixed the issue with mremap after a fork operation involving null-dereferencing. The commit e4a0d3e720e7 “aio: Makes it possible to remap the aio ring” introduced a null-dereference if mremap is called on an old aio mappin...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: mmmremap.c: avoid pointless invalidaterangestart/end on mremapoldsize=0 If an mremap syscall with oldsize=0 ends up in movepagetables, it will call invalidaterangestart/invalidaterangeend unnecessarily, i.e. with an empty range...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix anonvma UAF on mremap faulted, unfaulted merge Patch series "mm/vma: fix anonvma UAF on mremap faulted, unfaulted merge", v2. Commit 879bca0a2c4f "mm/vma: fix incorrectly disallowed anonymous VMA merges" introduced th...
SUSE CVE-2026-23056
In the Linux kernel, the following vulnerability has been resolved: uacce: implement mremap in uaccevmops to return -EPERM The current uaccevmops does not support the mremap operation of vmoperationsstruct. Implement .mremap to return -EPERM to remind users. The reason we need to explicitly disab...
SUSE CVE-2026-23077
In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix anonvma UAF on mremap faulted, unfaulted merge Patch series "mm/vma: fix anonvma UAF on mremap faulted, unfaulted merge", v2. Commit 879bca0a2c4f "mm/vma: fix incorrectly disallowed anonymous VMA merges" introduced th...
CVE-2026-23077
In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix anonvma UAF on mremap faulted, unfaulted merge Patch series "mm/vma: fix anonvma UAF on mremap faulted, unfaulted merge", v2. Commit 879bca0a2c4f "mm/vma: fix incorrectly disallowed anonymous VMA merges" introduced th...
CVE-2026-23056
In the Linux kernel, the following vulnerability has been resolved: uacce: implement mremap in uaccevmops to return -EPERM The current uaccevmops does not support the mremap operation of vmoperationsstruct. Implement .mremap to return -EPERM to remind users. The reason we need to explicitly disab...
CVE-2026-23056
In the Linux kernel, the following vulnerability has been resolved: uacce: implement mremap in uaccevmops to return -EPERM The current uaccevmops does not support the mremap operation of vmoperationsstruct. Implement .mremap to return -EPERM to remind users. The reason we need to explicitly disab...
UBUNTU-CVE-2026-23077
In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix anonvma UAF on mremap faulted, unfaulted merge Patch series "mm/vma: fix anonvma UAF on mremap faulted, unfaulted merge", v2. Commit 879bca0a2c4f "mm/vma: fix incorrectly disallowed anonymous VMA merges" introduced th...