10 matches found
CVE-2026-52971
In the Linux kernel, the following vulnerability has been resolved: net: ena: PHC: Fix potential use-after-free in gettimestamp Move the phc-active check and resp pointer assignment to after acquiring the spinlock. Previously, phc-active was checked without holding the lock, and resp was cached...
PT-2026-51865
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the get timestamp function of the ENA network driver. The problem occurs because the phc-active check and the assignment of the resp pointer were perform...
CVE-2026-23045
The CVE-2026-23045 issue affects the Linux kernel ENA driver (net/ena). The root cause is a missing devlink lock when updating devlink parameters: ena_devlink_alloc() calls devl_param_driverinit_value_set() without acquiring the required lock, triggering a lock assertion warning in devl_assert_lo...
Linux Distros Unpatched Vulnerability : CVE-2026-23045
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/ena: fix missing lock when update devlink params Fix assert lock warning while calling devlparamdriverinitvalueset in ena. WARNING: net/devlink/core.c:261 a...
Rocky Linux 9 : kernel (RLSA-2024:4583)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4583 advisory. kernel: TIPC message reassembly use-after-free remote code execution vulnerability CVE-2024-36886 kernel: ethernet: hisilicon: hns: hnsdsafmisc: fix a...
CVE-2024-40999 net: ena: Add validation for completion descriptors consistency
In the Linux kernel, the following vulnerability has been resolved: net: ena: Add validation for completion descriptors consistency Validate that first flag is set only for the first descriptor in multi-buffer packets. In case of an invalid descriptor, a reset will occur. A new reset reason for R...
CVE-2024-40999
CVE-2024-40999 affects the Linux kernel ENA driver. The vulnerability stems from insufficient validation of completion descriptors in multi-buffer packets: the "first" flag must only appear on the first descriptor. An invalid descriptor can trigger a reset, and a new RX data corruption reset reas...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a problem with the net:ena component when handling the consistency of completion descriptors...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...
Unbreakable Enterprise kernel-container security update
4.14.35-2047.504.2.el7 - md/raid1: properly indicate failure when ending a failed write request Paul Clements Orabug: 32887159 - video: hypervfb: Add ratelimit on error message Michael Kelley Orabug: 32856879 - Drivers: hv: vmbus: Initialize unloadevent statically Andrea Parri Microsoft Orabug:...