56 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nbd: Fix for the race between nbdallocconfig and module removal When the nbd module is being removed, nbdallocconfig may be called concurrently by nbdgenlconnect. Although trymoduleget will return false, nbdallocconfig does not...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: Removed the RTNL delay for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to devioctl first, and then forwarded to brioctlcall. This causes an unnecessary RTNL delay and a segmentation fault below 0 under RTNL pressur...
SUSE CVE-2026-45914
In the Linux kernel, the following vulnerability has been resolved: Revert "hwmon: ibmpex fix use-after-free in high/low store" This reverts commit 6946c726c3f4c36f0f049e6f97e88c510b15f65d. Jean Delvare points out that the patch does not completely fix the reported problem, that it in fact...
SUSE CVE-2026-46017
In the Linux kernel, the following vulnerability has been resolved: mm: fix deferred split queue races during migration migratefoliomove records the deferred split queue state from src and replays it on dst. Replaying it after removemigrationptessrc, dst, 0 makes dst visible before it is requeued...
kernel: proc: fix UAF in proc_get_inode()
In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: coresight: Holding csfgcfgcsdevlock while removing cscfg from csdev. There may be a race condition related to coresight configuration: CPU0 CPU1 perf enable load module cscfgloadconfigsets Activate configuration. // sysfs...
SUSE-SU-2026:1725-1 Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise kernel 6.4.0-150700.51 fixes various security issues The following security issues were fixed: - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. - CVE-2025-39977: futex: Prevent use-after-free during...
SUSE-SU-2026:21515-1 Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues The following security issues were fixed: - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting ...
freerdp: FreeRDP heap-use-after-free
A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013145)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013145 advisory. In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx: Fix pollinterval handling and races on remove Before this patch...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007586)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007586 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up There are cases after...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005108)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005108 advisory. In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to memcgroupidr Commit 73f576c04b94 mm: memcontrol: fix cgroup...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21999)
"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21999 advisory. - In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race...
CVE-2025-71074
In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffsepfileopen can race with removal, ending up with file-privatedata pointing to freed object. There is a total count of opened files on functionfs both ep0 and dynamic ones and when it hits...
CVE-2025-71074
In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffsepfileopen can race with removal, ending up with file-privatedata pointing to freed object. There is a total count of opened files on functionfs both ep0 and dynamic ones and when it hits...
CVE-2025-71099 drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl()
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xeoaaddconfigioctl In xeoaaddconfigioctl, we accessed oaconfig-id after dropping metricslock. Since this lock protects the lifetime of oaconfig, an attacker could guess the id and call...
CVE-2025-71074
In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffsepfileopen can race with removal, ending up with file-privatedata pointing to freed object. There is a total count of opened files on functionfs both ep0 and dynamic ones and when it hits...
CVE-2025-71074
The CVE-2025-71074 issue affects Linux kernel functionfs, where open/removal races can leave file->private_data as a freed object, causing UAF on read/write. Root cause: ffs->opened is misused; synchronization via atomic_dec_and_test() is insufficient. The fix approach, as documented, is to...
CVE-2025-71074 functionfs: fix the open/removal races
In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffsepfileopen can race with removal, ending up with file-privatedata pointing to freed object. There is a total count of opened files on functionfs both ep0 and dynamic ones and when it hits...
Linux Distros Unpatched Vulnerability : CVE-2025-71074
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - functionfs: fix the open/removal races ffsepfileopen can race with removal, ending up with file-privatedata pointing to freed object. There is a total count of...