CVE-2026-9628

A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer...

CLSA-2026-1779434490 kernel: Fix of 100 CVEs

tracing: Verify event formats that have "%p.." CVE-2025-37938 - HID: pidff: Fix null pointer dereference in pidfffindfields CVE-2025-37862 - scsi: st: Fix array overflow in stsetup CVE-2025-37857 - drm/amdkfd: debugfs hanghws skip GPU with MES CVE-2025-37853 - mm/vmscan: don't try to reclaim...

CVE-2026-5072 ptp: Potential Denial of Service via PTP Interval Shift

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...

CVE-2026-5072 ptp: Potential Denial of Service via PTP Interval Shift

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...

CVE-2026-5072

CVE-2026-5072 affects Zephyr’s PTP subsystem. A remote attacker can send a crafted PTP_MSG_MANAGEMENT to set an unvalidated negative log_announce_interval in a port’s data set. When a subsequent PTP_MSG_ANNOUNCE is processed, port_timer_set_timeout_random computes timeout as NSEC_PER_SEC >>...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ice: fixed NULL access to tx-inuse in iceptptsirq. The E810 device supports a “low latency” firmware interface for accessing and reading Tx timestamps. This interface does not use the standard Tx timestamp logic, due to the laten...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ptp: ocp: fixed use-after-free bugs caused by ptpocpwatchdog. The ptpocpdetach function only shuts down the watchdog timer if it is pending. However, if the timer handler is already running, timerdeletesync is not called. This...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bnxt: prevents a UAF Use After Free error after handing over control to the PTP worker. When reading a timestamp, the bnxttxint function hands over ownership of the completed skb to the PTP worker. The skb should not be used...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ice: ptp: do not emit a WARN when controlling PF is unavailable In VFIO passthrough setups, it is possible to only pass through a PF that does not own the source timer. In such cases, the PTP controlling PF adapter-ctrlpf is neve...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ptp: A possible memory leak has been fixed in ptpclockregister. I encountered a memory leak during the fault injection test as follows: Unreferenced object: 0xffff88800906c618 size 8 Command: comm "i2c-idt82p33931", PID: 4421,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mlx5: fixed the potential use-of-free condition when using the PTP queue’s FIFO mechanism. FIFO indexes are not checked during pop operations, which can lead to a use-of-free issue when popping items from an empty queue. This...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: atlantic: Fixed the DMA mapping for PTP HWTS rings. The function aqringhwtsrxalloc maps additional AQCFGRXDSDEF bytes for PTP HWTS rings. However, the generic aqringfree function does not take this into account. Create an...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net/core: Fixed the ETHP1588 flow dissector When a PTP Ethernet raw frame with a size of more than 256 bytes followed by a 0xff pattern is sent to skbflowdissect, the calculation of the nhoff value is incorrect. For example,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Ice: Fixed improper handling of extts events. Extts events are disabled and enabled by the application ts2phc. However, if the driver is removed while the application is running, a specific extts event remains enabled, which can...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: dpaa2-ptp: Fixed the refcount leak in dpaa2ptpprobe. This node pointer is returned by offindcompatiblenode, and the refcount is incremented. Calling ofnodeput helps to address the refcount leak issue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mlx5: Fixed a leak in skb during fifo resync and push operations. During the ptp resync operation, SKBs were popped from the fifo, but they were never freed either by napiconsume or by devkfreeskbany. Added a call to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: A memory barrier is required to ensure that the PTP WQ xmit submission tracking occurs after populating the metadatamap. Simply reordering the functions mlx5eptpmetadatamapput and mlx5eptpsqtrackmetadata within the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: gve: Implement settime64 with -EOPNOTSUPP The ptpclocksettime function assumes that every ptpclock has implemented settime64. Implement -EOPNOTSUPP as a stub to prevent NULL dereferencing...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Netwerk: Ethernet: xscale: Ensure proper check for PTP support. In the ixp4xxgettsinfo function, the ixp46xptpfind function is called unconditionally. This occurs because this feature only exists in ixp46x. This leads to the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Fixed potential null pointer dereferencing. In functions lan8814getsigrx and lan8814getsigtx, ptpparseheader may return NULL due to abnormal packet types or corrupted packets. This bug has been fixed by adding a...