678 matches found
CVE-2026-53312
The CVE-2026-53312 issue affects the Linux kernel in the iommu/riscv invalidation path. The root cause is integer overflow when handling sign-extended page tables (ULONG_MAX) that could lead to an infinite loop during invalidation. The patch removes these overflows and relocates the +1 to avoid l...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RISCV: Sanitizing syscall table indexing under speculation The syscall number is a user-controlled value used to index into the syscall table. Use arrayindexnospec to clamp this value after the bounds check, to prevent speculativ...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RISCV: Process: Fix kernel information leakage The s12 element of the threadstruct may contain random kernel memory contents, which could potentially be leaked to the user space. This is a security flaw. To address this issue,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: perf: RISCV: Fix for panic occurring in the pmu overflow handler 1 idx of int is not desired when setting bits in unsigned long overflowctrs; use BIT instead. This panic occurs when running ‘perf record -e branches’ on sophgo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RISCV: Module: Fixed out-of-bounds relocation access. The current code allows relj to access an element that is beyond the end of the relocation section. This issue has been simplified by using numrelocations, which is equivalent...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rvcv: fixed an oops caused by the irqsoff latency tracer. The tracehardirqson,off functions require the caller to properly set up the frame pointer. This is because these two functions use the macro CALLERADDR1 also known as...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rvdso: In the vdsojointimens function, a NULL pointer was encountered when handling the vfork operation. The testing results are as follows in the kernel log: 6.838454 Unable to handle kernel access to user memory without uaccess...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: riscv: The issue with the handling of SRSPIE set/clear operations during uprobe has been fixed. In riscv, the process of uprobe involves clearing the SPIE before executing the original instruction, and setting the SPIE after...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RISCV: Use READONCENOCHECK in the imprecise unwinding stack mode. When CONFIGFRAMEPOINTER is not set, the stack unwinding function walkstackframe randomly reads from the stack. When KASAN is enabled, this can lead to the followin...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: Fixed instruction simulation for JALR. Setting kprobe at ‘jalr 1140ra’ in vfswrite results in the following crash’: 32.092235 Unable to handle kernel access to user memory without uaccess routines at virtual address...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rcv: Fixed a kernel crash caused by PRSETTAGGEDADDRCTRL. When the user space performs PRSETTAGGEDADDRCTRL, but the Supm extension is not available, the kernel crashes: Oops - illegal instruction 1 snip epc:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rcv: fixed the runtime constant support for nommu kernels The runtimefixup32 function does not handle the case where val is zero correctly as may occur when patching a nommu kernel and referring to a physical address below the 4G...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RISCV: Misaligned – Restricts user access to kernel memory. The rawcopyto,fromuser function does not call accessok, allowing userspace to access any virtual memory address...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RISCV: Vector: Fixed the context saving/restoring with xtheadvector. Previously, only v0-v7 were correctly saved/restored, and the context of v8-v31 was corrupted. Now, v8-v31 are correctly saved/restored to avoid breaking the us...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: rcv: mm: Fixed the out-of-bound issue with vmemmap addresses In the sparse vmemmap model, the virtual address of vmemmap is calculated as: struct page VMEMMAPSTART - physrambase PAGESHIFT. The virtual address of a struct page can...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Corruption occurred when data start offsets were not applied. The commit 04d82a6d0881 “binfmtflat: Allow not offsetting data start” introduced a RISC-V-specific variant of the FLAT format. This variant does not alloca...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: The kexecbuf structure was previously declared without initialization. The patch series “kexec: Fix invalid field access” addresses this issue. The kexecBuf structure was declared without being initialized. The comm...
SUSE CVE-2026-46171
In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: fix vector context allocation leak When the second kzalloc hostcontext.vector.datap fails in kvmriscvvcpuallocvectorcontext, the first allocation guestcontext.vector.datap is leaked. Free it before returning...
Linux Distros Unpatched Vulnerability : CVE-2026-46171
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - riscv: kvm: fix vector context allocation leak When the second kzalloc hostcontext.vector.datap fails in kvmriscvvcpuallocvectorcontext, the first allocation...
CVE-2026-46171
In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: fix vector context allocation leak When the second kzalloc hostcontext.vector.datap fails in kvmriscvvcpuallocvectorcontext, the first allocation guestcontext.vector.datap is leaked. Free it before returning...