Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: netsched: schsfq: Fixed a potential crash during handling of gsoskb. SFQ assumes that it is always able to queue at least one packet. However, after the committed change, sch-q.len can be inflated by packets in sch-gsoskb. An...

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netsched: Red: fixed a race condition in redchange. Gerrard Tai reported a race condition in RED, whenever the SFQ perturb timer fires at the wrong time. The race condition is as follows: CPU 0 CPU 1 1: lock root 2:...

USN-7835-4 linux-hwe-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

USN-7835-4: Linux kernel (HWE) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues. As it stands, if the interface is down, disabling or enabling XSK pools would result i...

SUSE-SU-2025:3892-1 Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001017 fixes several issues. The following security issues were fixed: - CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631. - CVE-2025-38617: net/packet: fix a race in packetsetring and packetnotifier bsc1249208. -...

CVE-2025-56558

The Dyson MQTT server 2022 and possibly later allows publications and subscriptions by a client that has the correct values of AWSACCESSKEYID, AWSSECRETACCESSKEY, AWSSESSIONTOKEN, and device serial number, even if a device such as a Pure Hot+Cool device has been removed and is not visible in the...

kernel: RDMA/irdma: Fix a window for use-after-free

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a window for use-after-free During a destroy CQ an interrupt may cause processing of a CQE after CQ resources are freed by irdmacqfreersrc. Fix this by moving the call to irdmacqfreersrc after the...

tty: n_gsm: Don't block input queue by waiting MSC

...

kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfscchangeclass when...

kernel: RDMA/irdma: Fix a window for use-after-free

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a window for use-after-free During a destroy CQ an interrupt may cause processing of a CQE after CQ resources are freed by irdmacqfreersrc. Fix this by moving the call to irdmacqfreersrc after the...

kernel: mptcp: do not queue data on closed subflows

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ipv4/afinet.c:153 inetsockdestruct+0x6d0/0x8e0 net/ipv4/afinet.c:153 Modules linked in: uioivshmemOE ui...

SUSE CVE-2025-40047

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: always prune wait queue entry in iowaitidwait For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, but this can race with...

SUSE CVE-2025-40074

In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dstdevrcu Change icmpv4xrlimallow, ipdefrag to prevent possible UAF. Change ipmrpreparexmit, ipmrqueuefwdxmit, ipmroutput, ipv4neighlookup to use lockdep enabled dstdevrcu...

PT-2025-44327

Name of the Vulnerable Software and Affected Versions Dyson App versions 6.1.23041-23595 Description An issue allows unauthenticated attackers to remotely control other users' Dyson IoT devices via MQTT. Recommendations At the moment, there is no information about a newer version that contains a...

CVE-2025-40071

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...

UBUNTU-CVE-2025-40071

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...

UBUNTU-CVE-2025-40047

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: always prune wait queue entry in iowaitidwait For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, but this can race with...

CVE-2025-40071

CVE-2025-40071 pertains to the Linux kernel tty n_gsm handling. The issue arises when opening a DLC channel: gsm_queue() processes frames and invokes gsm_dlci_open() → gsm_modem_update(). In basic encoding, gsm_modem_upd_via_msc() could block the input queue waiting for a Modem Status Command (MS...

CVE-2025-40071

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...