4536 matches found
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: igc: Do not fail igcprobe on LED setup errors When igcledsetup fails, igcprobe fails, leading to a kernel panic in freenetdev. This occurs because unregisternetdev is not called. This behavior can be tested using the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before the interface was enabled. This issue is similar to the vulnerability in the mcp251x driver, which was fixed in commit 03c427147b2d “can: mcp251x: fix resu...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: always set shared-phydev for LAN8814 Currently, during the LAN8814 PTP probe, shared-phydev is only set if the PTP clock is actually set. Otherwise, the function returns before setting it. This is a problem...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Do not call kfree on devices managed by devres. Since the allocation of the driver’s main structure was changed to devmdrmdevalloc, the rdev is managed by devres, and we should not call kfree on it. This fix prevents...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthreadrun function returns error pointers, so the max3421hcd-spithread pointer can be either an error pointer or NULL. Check both cases before...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Media: i2c: tc358743 – Fixed use-after-free bugs caused by an orphan timer in the probe. state-timer is a cyclic timer that schedules worki2cpoll and delayedworkenablehotplug, while rearming itself. Using timerdelete fails to...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Fixed a segfault in tcmlooptpgaddressshow If the allocation of tlhba-sh fails in tcmloopdriverprobe, and we attempt to dereference it in tcmlooptpgaddressshow, we will encounter a segfault. See below for an...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Calls to drmputdev have been removed. Since the allocation of the driver’s main structure was changed, the task of triggering drmputdev to free it should be handled by devres. However, drmputdev still appears in the...
Linux Distros Unpatched Vulnerability : CVE-2025-71071
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: fix use-after-free on probe deferral The driver is dropping the references...
MiracleLinux 8 : kernel-4.18.0-553.77.1.el8_10 (AXSA:2025-10931:75)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10931:75 advisory. kernel: nfsd: don't ignore the return code of svcprocregister CVE-2025-22026 kernel: netsched: hfsc: Fix a UAF vulnerability in class handling...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a premature release of a larb device reference during probe latency, which could lead to post-release reuse...
PT-2026-2602
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the ASoC Audio System on Chip STM32 SAI Serial Audio Interface driver. Specifically, the vulnerability involves a potential OF Open Firmware...
Linux Distros Unpatched Vulnerability : CVE-2025-71081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: stm32: sai: fix OF node leak on probe The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the...
PT-2026-2592
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the iommu/mediatek driver related to reference handling of larb devices during probe operations. Specifically, the driver incorrectly drops...
CVE-2026-22772
Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF on...
CVE-2026-22772 Fulcio vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass
Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF on...
CLSA-2026-1767864313 kernel: Fix of 46 CVEs
mm: hugetlb: fix UAF in hugetlbhandleuserfault CVE-2022-50630 - drm/amdkfd: fix potential kgdmem UAFs CVE-2023-53816 - net/mlx5e: Fix deadlock in tc route query code CVE-2023-53591 - PCI: Fix pcideviceispresent for VFs by checking PF CVE-2022-50636 - wifi: ath11k: fix monitor mode bringup crash...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000335)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000335 advisory. An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcopusbprobe function in th...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000507)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000507 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure When failing the driver...
SUSE CVE-2025-68754
In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devmclkgetenabled is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clkdisableunprepare in error path and...