Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

EUVD-2024-51810

Malicious code in bioql PyPI...

Fedora 41 : xen (2025-643cc72c6f)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-643cc72c6f advisory. Mutiple vulnerabilities in the Viridian interface XSA-472, CVE-2025-27466, CVE-2025-58142, CVE-2025-58143 Arm issues with page refcounting XSA-473,...

Fedora 42 : xen (2025-7a1f93f58a)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-7a1f93f58a advisory. Mutiple vulnerabilities in the Viridian interface XSA-472, CVE-2025-27466, CVE-2025-58142, CVE-2025-58143 Arm issues with page refcounting XSA-473,...

CVE-2025-58145 Arm issues with page refcounting

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL...

CVE-2025-58144

CVE-2025-58144 affects the Xen hypervisor; a vulnerability in mapping pages from other domains can cause a NULL pointer dereference, potentially on a release build. The record also notes a related issue (CVE-2025-58145) about the P2M lock and domain boundary integrity, but the provided documents ...

Arm issues with page refcounting

ISSUE DESCRIPTION There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. This is CVE-2025-58144. And then the P2M lock isn't held...

net/mlx5e: kTLS, Fix incorrect page refcounting

...

CVE-2024-53138

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

SUSE CVE-2024-53138

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

CVE-2024-53138

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

DEBIAN-CVE-2024-53138

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

AZL-54107 CVE-2024-53138 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

CVE-2024-53138

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

CVE-2024-53138 net/mlx5e: kTLS, Fix incorrect page refcounting

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

CVE-2024-53138 net/mlx5e: kTLS, Fix incorrect page refcounting

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

CVE-2024-53138

CVE-2024-53138 is tied to the Linux kernel’s net/mlx5e: kTLS path. The connected documents describe a root cause in page reference counting: the kTLS TX path mixes get_page() and page_ref_inc(), while the release path uses only put_page(). When pages from large folios are involved, get_page() ref...

CVE-2024-26953

CVE-2024-26953 is a Linux kernel vulnerability affecting the ESP path in net: esp. When skb fragments originating from a page_pool are released during esp_output (not inline), calling put_page can trigger a page_pool leak, potentially causing a crash. The connected documents describe the root cau...

kernel: memory leak when merging buffers in SCSI IO vectors

It was found that in the Linux kernel through v4.14-rc5, biomapuseriov and biounmapuser in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bioaddpcpage merges them into one, but the page reference is never dropped, causing a...