Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: block: don't allow the same type rqqos add more than once In our test of iocost, we encountered some list add/del corruptions of innerwalk list in ioctimerfn. The reason can be described as follows: cpu 0 cpu 1 iocqoswrite...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: habanalabs/gaudi: fix shift out of bounds When validating NIC queues, queue offset calculation must be performed only for NIC queues...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Do not block the input queue by waiting for the MSC response Currently, the gsmqueue function processes incoming frames. When opening a DLC channel, it calls gsmdlciopen, which in turn calls gsmmodemupdate. If the basi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: The call to fini during the creation of an execution queue fails. Every call to queue initialization should include a corresponding fini call. Skipping this would mean failing to remove the queue from the GuC list...

SUSE CVE-2026-31703

In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inodeswitchwbsworkfn inodeswitchwbsworkfn has a loop like: wbgetnewwb; while 1 list = llistdelall&newwb-switchwbsctxs; / Nothing to do? / if !list break; ... process the items ... Now adding of...

Linux Distros Unpatched Vulnerability : CVE-2026-43022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if...

CVE-2026-31766

A flaw was found in the Linux kernel's AMD GPU amdgpu driver. A local user could exploit this vulnerability by providing a malformed doorbell offset during user queue creation. This lack of proper bounds checking allows the offset to exceed the allocated memory, potentially corrupting critical...

CVE-2026-31755

A flaw was found in the Linux kernel's cdns3 USB gadget driver. When a gadget endpoint is disabled or not yet configured, a NULL pointer dereference can occur in the epqueue function. This can lead to a kernel crash, resulting in a denial of service DoS on the affected system...

CVE-2026-43031

A flaw was found in the Linux kernel's xilinx axienet network driver. This vulnerability arises from incorrect accounting of Buffer Queue Length BQL, a mechanism that manages network buffer usage, for transmit TX packets that are split across multiple buffer descriptors. If these packet segments...

CVE-2026-43029

A flaw was found in the Linux kernel's Multipath TCP mptcp implementation. When an attacker sends data with MSGPEEK | MSGWAITALL flags, the system can enter a soft lockup state. This occurs because the skreceivequeue is not properly cleared, causing the system to continuously find available data...

CVE-2026-43024

A flaw was found in the Linux kernel's netfilter nftables component. This vulnerability arises from the system allowing immediate NFQUEUE verdicts, which are not intended for use by userspace nft tools. This could lead to unexpected behavior or a bypass of intended network filtering rules,...

CVE-2026-43022

A flaw was found in the Bluetooth Host Controller Interface HCI synchronization component of the Linux kernel. The hcicmdsyncqueueonce function did not properly signal when a command was already queued, which could lead to resource leaks. An attacker could potentially exploit this to cause a Deni...

CVE-2026-43021

A flaw was found in the Bluetooth hcisync component of the Linux kernel. When the hcicmdsyncqueueonce function fails, the associated destroy callback is not invoked, leading to memory and reference leaks. This continuous leakage of resources could eventually result in a Denial of Service DoS...

CVE-2026-43011

A flaw was found in the Linux kernel's X.25 networking component. This vulnerability, a double free, occurs when a socket buffer skb allocation fails in x25queuerxframe, causing the same skb to be freed twice. This improper memory handling can lead to a system crash, resulting in a Denial of...

CVE-2026-43021

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...

CVE-2026-43022

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...

CVE-2026-43024

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject immediate NFQUEUE verdict nftqueue is always used from userspace nftables to deliver the NFQUEUE verdict. Immediately emitting an NFQUEUE verdict is never used by the userspace nft tools, so reject...

CVE-2026-31766

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...

CVE-2026-31755

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in epqueue When the gadget endpoint is disabled or not yet configured, the ep-desc pointer can be NULL. This leads to a NULL pointer dereference when cdns3gadgetepqueue is called,...

CVE-2026-31721

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: move list and spinlock inits from bind to alloc There was an issue when you did the following: - setup and bind an hid gadget - open /dev/hidg0 - use the resulting fd in EPOLLCTLADD - unbind the UDC - bind the...