10009 matches found
UBUNTU-CVE-2025-68771
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain. syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the cl_next_free_rec field of the allocation chain list (next free slot in the chain list) is 0, triggering the...
CVE-2025-71098
In the Linux kernel, the following vulnerability has been resolved: ip6gre: make ip6gre_header() robust. Over the years, syzbot found many ways to crash the kernel in ip6gre_header() [1]. This involves team or bonding drivers' ability to dynamically change their dev->needed_headroom and/or dev->hard_header_len ...
CVE-2025-68790
CVE-2025-68790 concerns the Linux kernel mlx5 driver (net/mlx5). The root cause is that the HCA_PORTS devcom component is not cleared from the device private data after it is unregistered during LAG teardown. This can cause a use-after-free when a second pass through mlx5_unload_one() occurs, suc...
CVE-2025-68771
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain. syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the cl_next_free_rec field of the allocation chain list (next free slot in the chain list) is 0, triggering the...
RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE
Summary: A denial-of-service vulnerability exists in the SM2 public-key encryption (PKE) implementation: the decrypt path performs unchecked slice::split_at operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encod...
GHSA-J9XQ-69PF-PCM8 RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE
Summary: A denial-of-service vulnerability exists in the SM2 public-key encryption (PKE) implementation: the decrypt path performs unchecked slice::split_at operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encod...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: igc: Do not fail igc_probe() on LED setup errors. When igc_led_setup() fails, igc_probe() fails, leading to a kernel panic in free_netdev(). This occurs because unregister_netdev() is not called. This behavior can be tested using the...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: mm: Prevent poison consumption when splitting THP. When performing memory error injection on a THP (Transparent Huge Page) mapped to user space on an x86 server, the kernel panics with the following trace. The expected behavior woul...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: riscv, bpf: Sign extension for struct ops correctly handles return values. The ns_bpf_qdisc selftest triggers a kernel panic: Unable to handle kernel paging request at virtual address ffffffffa38dbf58. Current test_progs pgtable:...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fixed a kernel panic that could occur when partially unmapping a GPU virtual address region. This commit addresses a kernel panic issue that can occur when the userspace tries to partially unmap a GPU virtual address...
Astra Linux - vulnerability in linux-6.12
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic once fallocation fails for pinfile syzbot reports a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2746! CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: qed: Do not collect too many protection override GRC elements In the protection override dump path, the firmware may return far too many GRC elements, leading to attempts to write beyond the previously allocated dump buffer. This...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: amd/amdkfd: resolved a race condition in amdgpu_amdkfd_device_fini_sw. There is a race condition in amdgpu_amdkfd_device_fini_sw involving interrupts. If amdgpu_amdkfd_device_fini_sw runs between kfd_cleanup_nodes and kfree(kfd), an KGD...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: pid: Added a check for ns null in pid_nr_ns. __task_pid_nr_ns: ns = task_active_pid_ns(current); pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns); if (pid && ns->level <= pid->level). Sometimes, null is returned for task_active_pid_ns. This can trigger kernel...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: pwm: berlin: Fixed the incorrect register used in suspend/resume operations. The "enable" register should be BERLIN_PWM_EN instead of BERLIN_PWM_ENABLE. Otherwise, the driver will access the wrong address, leading to a CPU exception...
Astra Linux - vulnerability in linux-6.12
In the Linux kernel, the following vulnerability has been resolved: fs: quota: create dedicated workqueue for quota_release_work. There is a kernel panic due to WARN_ONCE when panic_on_warn is set. This issue occurs when writeback is triggered due to a sync call for an opened file (i.e., writeback reason is...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Returning NULL pointer in case of allocation failures. When the TRBE driver fails to allocate a buffer, it currently returns the error code "-ENOMEM". However, the caller etm_setup_aux() only checks for a NULL pointer...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: comedi: A flaw in the comedi_buf_munge() function was addressed. This function performs a modulo operation, async->munge_chan %= async->cmd.chanlist_len, without first checking whether chanlist_len is zero. If a user program submits a...
RHEL 9 : podman (RHSA-2026:0470)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0470 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...
MiracleLinux 9 : delve-1.24.1-2.el9_5, golang-1.23.6-2.el9_5 (AXSA:2025-9852:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9852:01 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...