72 matches found
CVE-2026-53247
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Fix use-after-free in metadata dst teardown mtkfreedev calls metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...
CVE-2026-53248
In Linux kernel, the airoha net driver has a use-after-free in metadata_dst teardown (CVE-2026-53248). The airoha_metadata_dst_free() function frees the metadata_dst with kfree() immediately, bypassing the RCU grace period, while the RX path may hold a non-refcounted pointer from skb to the dst v...
PT-2026-51718
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Null Pointer Dereference NPD can occur when removing a port from a Virtual Routing and Forwarding VRF instance. RCU readers using netif is l3 slave may incorrectly assume that netdev...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – Fix for htt.pktlog locking. The ath11k active PDevs are protected by RCUs, but the code that handles htt.pktlog, namely ath11kmacgetarbypdevid, was not marked as a read-side critical section. Mark the relevant code...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Fixed the issue with copylinklist updates when the “copyTracemarker” option is enabled for an instance. When this option is enabled, any data written to /sys/kernel/tracing/tracemarker is also copied into the buffer o...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: sched: added a RCU read-side critical section in tapriodump Fixed a possible use-after-free in ‘tapriodump’ by adding a RCU read-side critical section. This issue was not encountered on x86, but was found on an arm64 syst...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – Fixing the gtk offload status event locking issue The ath11k active PDevs are protected by RCUs, but the code that handles the gtk offload status event and calls ath11kmacgetarvifbyvdevid was not marked as a...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – Fix for DFS radar event locking. The ath11k active PDevs are protected by RCU, but the code that handles DFS radar events and calls ath11kmacgetarbypdevid was not marked as a read-side critical section. Mark the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ima: Avoid blocking in the RCU read-side critical section. A panic occurs in imamatchpolicy: BUG: Unable to handle a NULL pointer dereferencing in the kernel at 0000000000000010. PGD 42f873067 P4D 0 Oops: 0000 1 SMP NOPTI CPU:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Fixed issues with dfs-radar and temperature event locking. The ath12k active PDevs are protected by RCU, but the code responsible for handling DFS-radar and temperature events, which calls ath12kmacgetarbypdevid...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables – Use a timestamp to check for set element timeout. A timestamp field was added at the beginning of the transaction; it is stored in the nftablespernetns area. The .insert, .deactivate, and syncgc functions...
Node.js Module axios < 1.15.2 Prototype Pollution
The version of the axios Node.js module installed on the remote host is prior to 1.15.2. It is, therefore, affected by the following vulnerability: - Axios has prototype pollution read-side gadgets in the HTTP adapter that allow credential injection and request hijacking. CVE-2026-42264 Note that...
CVE-2026-43214
The CVE-2026-43214 issue concerns Linux kernel KVM on x86: when reading PDPTRs in __get_sregs2(), SRCU read-side protection was missing. The root cause is that kvm_pdptr_read() may dereference guest memory via a chain (svm_cache_reg -> load_pdptrs -> kvm_vcpu_read_guest_page -> kvm_vcpu_...
CVE-2026-43214 KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2()
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Add SRCU protection for reading PDPTRs in getsregs2 Add SRCU read-side protection when reading PDPTR registers in getsregs2. Reading PDPTRs may trigger access to guest memory: kvmpdptrread - svmcachereg - loadpdptrs -...
SUSE CVE-2026-31669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
CVE-2026-31657
In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadvblaaddclaim can replace claim-backbonegw and drop the old gateway's last reference while readers still follow the pointer. The netlink claim dump path dereferences...
CVE-2026-31657
In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadvblaaddclaim can replace claim-backbonegw and drop the old gateway's last reference while readers still follow the pointer. The netlink claim dump path dereferences...
PT-2026-35009
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the batman-adv module, the function batadv bla add claim can replace claim-backbone gw and drop the last reference of the old gateway while readers are still following the pointer. Th...
EUVD-2026-25219
In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro-uniq use-after-free in rawrcv rawrelease unregisters raw CAN receive filters via canrxunregister, but receiver deletion is deferred with callrcu. This leaves a window where rawrcv may still be running in an RCU...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the reuse of a freed resource after the release of the ro-uniq operation in rawrcv. This could le...