38 matches found
Ubuntu Pro FIPS-updates 24.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-8296-1)
The remote Ubuntu Pro FIPS-updates 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8296-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: lib/groupcpus: Fixed a NULL pointer dereferencing issue in groupcpusevenly. While testing nullblk with configfs, executing echo 0 pollqueues would trigger the following panic: BUG: NULL pointer dereferencing in the kernel, addres...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nullblk: fix null-ptr-dereference while configuring 'power' and 'submitqueues' Writing 'power' and 'submitqueues' concurrently will trigger kernel panic: Test script: modprobe nullblk nrdevices=0 mkdir -p...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: block: be a bit more careful in checking for NULL bdev while polling Wei reports a crash with an application using polled IO: PGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0 Oops: 0000 1 SMP CPU: 0 PID: 21915 Comm: iocore0 Kdump:...
Astra Linux - уязвимость в linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nullblk: Always check queue mode setting from configfs Make sure to check device queue mode in the nullvalidateconf and return error for NULLQRQ as we don't allow legacy I/O path, without this patch we get OOPs when queue mode is...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: nullblk: fixed handling of poll request timeouts When performing the iouring benchmark on /dev/nullb0, it’s easy for the kernel to crash if poll requests time out, as reported by David. 1 BUG: Kernel NULL pointer dereferencing...
SUSE CVE-2026-23032
In the Linux kernel, the following vulnerability has been resolved: nullblk: fix kmemleak by releasing references to fault configfs items When CONFIGBLKDEVNULLBLKFAULTINJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeoutinject, requeueinject, and...
EUVD-2026-5062
In the Linux kernel, the following vulnerability has been resolved: nullblk: fix kmemleak by releasing references to fault configfs items When CONFIGBLKDEVNULLBLKFAULTINJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeoutinject, requeueinject, and...
CVE-2026-23032
The CVE-2026-23032 issue affects the Linux kernel null_blk driver when CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled. Fault-injection configfs items (timeout_inject, requeue_inject, init_hctx_fault_inject) are created as children of the top-level nullbX group, but references to these items a...
CVE-2026-23032 null_blk: fix kmemleak by releasing references to fault configfs items
In the Linux kernel, the following vulnerability has been resolved: nullblk: fix kmemleak by releasing references to fault configfs items When CONFIGBLKDEVNULLBLKFAULTINJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeoutinject, requeueinject, and...
CVE-2026-23032 null_blk: fix kmemleak by releasing references to fault configfs items
In the Linux kernel, the following vulnerability has been resolved: nullblk: fix kmemleak by releasing references to fault configfs items When CONFIGBLKDEVNULLBLKFAULTINJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeoutinject, requeueinject, and...
PT-2026-5535
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where references to fault configfs items are not released when a nullbX device is removed, leading to a kernel memory leak kmemleak. This occurs when t...
UBUNTU-CVE-2023-54227
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nrhwqueues Although we don't need to realloc set-tags when shrink nrhwqueues, we need to free them. Or these tags will be leaked. How to reproduce: 1. mount -t configfs configfs /mnt 2. modprobe...
CVE-2023-54227
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nrhwqueues Although we don't need to realloc set-tags when shrink nrhwqueues, we need to free them. Or these tags will be leaked. How to reproduce: 1. mount -t configfs configfs /mnt 2. modprobe...
CVE-2023-54227 blk-mq: fix tags leak when shrink nr_hw_queues
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nrhwqueues Although we don't need to realloc set-tags when shrink nrhwqueues, we need to free them. Or these tags will be leaked. How to reproduce: 1. mount -t configfs configfs /mnt 2. modprobe...
CVE-2023-53576
In the Linux kernel, the following vulnerability has been resolved: nullblk: Always check queue mode setting from configfs Make sure to check device queue mode in the nullvalidateconf and return error for NULLQRQ as we don't allow legacy I/O path, without this patch we get OOPs when queue mode is...
UBUNTU-CVE-2023-53531
In the Linux kernel, the following vulnerability has been resolved: nullblk: fix poll request timeout handling When doing iouring benchmark on /dev/nullb0, it's easy to crash the kernel if poll requests timeout triggered, as reported by David. 1 BUG: kernel NULL pointer dereference, address:...
CVE-2023-53531
Technical details for CVE-2023-53531 are not publicly available in the provided connected documents. The materials reference Linux kernel patch notes but do not disclose product/version, exploit vectors, impact, or remediation specifics.
SUSE CVE-2023-53366
In the Linux kernel, the following vulnerability has been resolved: block: be a bit more careful in checking for NULL bdev while polling Wei reports a crash with an application using polled IO: PGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0 Oops: 0000 1 SMP CPU: 0 PID: 21915 Comm: iocore0 Kdump:...
CVE-2023-53366
In the Linux kernel, the following vulnerability has been resolved: block: be a bit more careful in checking for NULL bdev while polling Wei reports a crash with an application using polled IO: PGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0 Oops: 0000 1 SMP CPU: 0 PID: 21915 Comm: iocore0 Kdump:...