920 matches found
EUVD-2026-32872
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp-gfn plus the SPTE index. This assumption breaks for shadow paging if the guest page tables are modifie...
CVE-2026-46032
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....
RHEL 9 : kernel (RHSA-2026:20593)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20593 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: proc: fix UAF in procgetinode...
kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A local attacker with privileges on the host system could exploit a vulnerability in how KVM handles shadow page table entries SPTEs during memory-mapped I/O MMIO operations. By manipulating guest page table entrie...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerability has been resolved: mm: Avoid leaving partial pfn mappings in error cases. As Jann points out, PFN mappings are special. Unlike normal memory mappings, there is no lifetime information associated with the mapping—it’s simply a raw mapping of PFNs,...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct page corresponding to a guest ASCE should be 0. When replacing the ASCE in s390replaceasce, the index of the new ASCE should also be set to 0. Having t...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: s390/uv: Do not call foliowaitwriteback without a folio reference. foliowaitwriteback requires that no spinlocks are held and that a folio reference is held, as documented. After we removed the PTL, the folio object could be free...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/rmap: Fixed potential out-of-bounds access to the page table during batched unmap operations. As pointed out by David1, the batched unmap logic in trytounmapone may read past the end of a PTE table when the PTE mappings of a...
Astra Linux - уязвимость в linux-5.15, linux-6.1, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: Independent PMD page table shared count The refcount of the folio may be unexpectedly increased through functions like trygetfolio by callers such as splithugepages. In hugepmdunshare, we use the refcount to check...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm: pgtable: Fix for NULL pointer dereference issue. When updatemmucacherange is called by updatemmucache, the vmf parameter is NULL, which can lead to a NULL pointer dereference issue in adjustpte. It is not possible to handle...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: iommu/vt-d: debugfs: Fixed the legacy mode page table dump logic In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b. SSPTPTR might be uninitialized or zero in that case, and this could lead to errors such as: - General...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dpt: Makes the DPT object unshrinkable. In some scenarios, the DPT object gets shrunk, but the actual framebuffer does not, so it remains in the DPT’s vm-boundlist. Then, an attempt is made to rewrite the PTEs through a...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: x86/mm/64: Defined ARCHPAGETABLESYNCMASK and archsynckernelmappings. These definitions ensure that page tables are properly synchronized when calling pdpopulatekernel. For 5-level paging, synchronization is performed via...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ARC: mm: fix leakage of memory allocated for PTE Since the commit d9820ff “ARC: mm: switch pgtablet back to struct page ”, a memory leakage problem occurred. Memory allocated for page table entries wasn’t released during process...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: Do not repeatedly call pteoffsetmaplock until success. DAMON’s virtual address space operation implementation vaddr calls pteoffsetmaplock within the page table walk callback function. This is necessary for readin...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mm/pagetablecheck: A crash occurred when processing ZONEDEVICE pages. Not all pages require the pgtable check. An example is ZONEDEVICE pages: they map PFNs directly, and they never allocate pageext, even if there’s a struct page...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: gcs: Do not set PTESHARED on GCS mappings if FEATLPA2 is enabled When FEATLPA2 is enabled, bits 8-9 of the PTE replace the shareability attribute with bits 50-51 of the output address. The PAGEGCS,RO definitions include th...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed an out-of-bounds shift in CalculateVMAndRowBytes REASON When PTEBufferSizeInRequests is zero, UBSAN reports the following warning because dmllog2 returns an unexpected negative value: The shift exponent...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm: fixed a kernel bug when userfaultfdmove encounters swapcache. The userfaultfdmove function checks whether the PTE entry is present or a swap entry. If the PTE entry is present, movepresentpte handles folio migration by settin...
Astra Linux - уязвимость в linux
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fixed the PTE update for kernel memory on radix. When adding a PTE, a ptesync is required to ensure that the PTE update is performed correctly before subsequent accesses. Otherwise, a spurious fault may occur...