4 matches found
EUVD-2026-35411
In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tunxdpone tunxdpone returns -EINVAL on a frame shorter than ETHHLEN without freeing the page that vhostnetbuildxdp allocated for it. tunsendmsg discards that -EINVAL and still returns...
CVE-2025-71089 iommu: disable SVA when CONFIG_X86 is set
In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIGX86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing SVA. In an SVA context, an...
kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
A flaw was found in include/asm-generic/tlb.h in the Linux kernel due to a race condition unmapmappingrange versus munmap. This issue allows a device driver to free a page while it still has stale TLB entries...
kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks
A flaw was found in the Linux kernel’s KVM implementation, where improper handing of the VMIO|VMPFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of...