kernel: proc: fix UAF in proc_get_inode()

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Firewire: ohci: prevents leakage of leftover IRQs when unbinding The commit 5a95f1ded28691e6 “Firewire: ohci: uses a devres for the requested IRQ” also removed the call to freeirq in pciremove. This resulted in a leftover IRQ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Removes the proc entry when the device is not registered. syzkaller reported a warning in bcmconnect. 0 The repro calls connect for vxcan1, removes vxcan1, and calls connect with ifindex == 0. Calling connect for a BCM...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Clear bo-bcmprocread after removeprocentry. syzbot reported a warning in bcmrelease. 0 The blamed change fixed another warning that is triggered when connect is issued again for a socket whose connected device has been...

SUSE CVE-2026-31403

In the Linux kernel, the following vulnerability has been resolved: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd The /proc/fs/nfs/exports proc entry is created at module init and persists for the module's lifetime. exportsprocopen captures the caller's current network...

Azure Linux 3.0 Security Update: kernel (CVE-2024-47709)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47709 advisory. - In the Linux kernel, the following vulnerability has been resolved: can: bcm: Clear bo-bcmprocread after...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992967)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992967 advisory. In the Linux kernel, the following vulnerability has been resolved: can: bcm: Clear bo-bcmprocread after removeprocentry. syzbot reported a warning in bcmrelease. 0...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993096)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993096 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: fix WARNING in ip6routenetexitlate During the initialization of ip6routenetinitlate, if fil...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990878)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990878 advisory. In the Linux kernel, the following vulnerability has been resolved: can: bcm: Clear bo-bcmprocread after removeprocentry. syzbot reported a warning in bcmrelease. 0...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-389429)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-389429 advisory. In the Linux kernel, the following vulnerability has been resolved: can: bcm: Remove proc entry when dev is unregistered. syzkaller reported a warning in bcmconnect...

CLSA-2025-1754037187 Fix of 7 CVEs

CVE-url: https://ubuntu.com/security/CVE-2021-47352 - virtio-net: Add validation for used length CVE-url: https://ubuntu.com/security/CVE-2024-46771 - can: bcm: Remove proc entry when dev is unregistered. Bionic update: upstream stable patchset 2023-01-20 LP: 2003596 // CVE- url:...

UBUNTU-CVE-2025-38400

In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit fails. syzbot reported a warning below 1 following a fault injection in nfsfsprocnetinit. 0 When nfsfsprocnetinit fails, /proc/net/rpc/nfs is not removed. Later, rpcprocexit...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svcprocregister Currently, nfsdprocstatinit ignores the return value of svcprocregister. If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix...

SUSE CVE-2022-49903

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix WARNING in ip6routenetexitlate During the initialization of ip6routenetinitlate, if file ipv6route or rt6stats fails to be created, the initialization is successful by default. Therefore, the ipv6route or rt6stats file...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a proc entry removal warning during network cleanup by the ipvs application, which could lead to a memory le...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a proc entry removal warning when ipvs cleans up a batch, which could lead to a memory leak...

AZL-68985 CVE-2025-22026 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svcprocregister Currently, nfsdprocstatinit ignores the return value of svcprocregister. If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix...

SUSE CVE-2025-21999

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

UBUNTU-CVE-2025-21999

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

Linux Distros Unpatched Vulnerability : CVE-2024-46771

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: bcm: Remove proc entry when dev is unregistered. syzkaller reported a warning in bcmconnect below. 0 The repro calls connect to vxcan1, removes vxcan1, and...