505 matches found
Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7516-8)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7516-8 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fixed the issue where an unrecoverable MCE interrupt call from the NMI handler could lead to unexpected behavior. The machine check handler is not considered an NMI handler on 64s architectures. The early handler is...
Astra Linux - уязвимость в glibc
A out-of-bounds write vulnerability was discovered in glibc before version 2.31, when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution...
Ubuntu 24.04 LTS / 25.10 : Linux kernel vulnerabilities (USN-8245-1)
"The remote Ubuntu 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8245-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify...
Ubuntu 25.10 : Linux kernel (Raspberry Pi) vulnerabilities (USN-8257-1)
"The remote Ubuntu 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8257-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signatur...
USN-8260-1 linux-azure-fips vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
USN-8258-1 linux-azure vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
USN-8257-1: Linux kernel (Raspberry Pi) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Avoid scheduling in rtasosterm. It is unsafe to use rtasbusydelay to handle a busy status from the IBM,os-term RTAS function in rtasosterm: Kernel Panic – Not Syncing: Attempted to kill init! Exitcode=0x0000000b BUG...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Don't use DSISR for SLB faults Since commit 46ddcb3950a2 "powerpc/mm: Show if a bad page fault on data is read or write." we use pagefaultiswriteregs-dsisr in badpagefault to determine if the fault is for a read or...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/mm/fault: Fixed the reporting of kfence page faults. The copyfromkernelnofault function can be called when reading /proc/kcore. /proc/kcore may contain kfence objects that are not mapped, and reading these objects via...
Linux Distros Unpatched Vulnerability : CVE-2026-31686
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/kasan: fix double free for kasan pXds kasanfreepxd assumes the page table is always struct page aligned. But that's not always the case for all architectures...
CVE-2026-31686 mm/kasan: fix double free for kasan pXds
In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasanfreepxd assumes the page table is always struct page aligned. But that's not always the case for all architectures. E.g. In case of powerpc with 64K pagesize, PUD table of size 4096...
Ubuntu Pro Realtime 24.04 LTS : Linux kernel (Raspberry Pi Real-time) vulnerabilities (USN-8204-1)
"The remote Ubuntu Pro Realtime 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8204-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly...
USN-8179-3: Linux kernel vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
USN-8185-1: Linux kernel (NVIDIA) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
USN-8179-2 linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
USN-8184-1: Linux kernel (Real-time) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
USN-8183-1 linux-gcp, linux-gcp-6.17 vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
USN-8177-1 linux, linux-realtime vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...