142 matches found
CVE-2026-53158
The CVE-2026-53158 issue affects the Linux kernel’s fastrpc rpmsg path. A NULL pointer dereference could occur at boot when a DSP glink message arrives before fastrpc_rpmsg_probe() has finished initialization, causing a crash from an uninitialized spinlock on the fastrpc_channel_ctx. The root cau...
Astra Linux – Vulnerability in Linux 5.15
The rpmsgprobe function in the drivers/rpmsg/virtiorpmsgbus.c file in the Linux kernel, prior to version 5.18.4, contains a double-free issue...
Astra Linux – Vulnerability in Linux 5.15
The function rpmsgvirtioaddctrldev in the file drivers/rpmsg/virtiorpmsgbus.c in the Linux kernel, prior to version 5.18.4, contains a double-free...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx-remoteheap The function fastrpcinitcreatestaticprocess may free the memory allocated to cctx-remoteheap during the errmap path, but does not clear the pointer pointing to that memory...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Avoid double destruction of the default endpoint The rpmsgdevremove function in rpmsgcore is the place where this default endpoint is released. Therefore, it is necessary to avoid destroying the default endpoint in...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driveroverride when rpmsgremove Free driveroverride when rpmsgremove. Otherwise, the following memory leak will occur: Unreferenced object 0xffff0000d55d7080 size 128: Comm "kworker/u8:2", pid 56, jiffies...
SUSE CVE-2025-71274
In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driveroverrideshow and use core helper The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function modifies and frees the string while holdi...
CVE-2025-71274
A flaw was found in the Linux kernel's rpmsg core. A race condition exists between the driveroverrideshow and driveroverridestore functions. This allows the driveroverride string to be freed while it is still being read, leading to a use-after-free vulnerability. This could potentially result in...
CVE-2025-71274
In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driveroverrideshow and use core helper The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function modifies and frees the string while holdi...
CVE-2025-71274
In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driveroverrideshow and use core helper The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function modifies and frees the string while holdi...
CVE-2025-71274
CVE-2025-71274 concerns the Linux kernel rpmsg core. A race existed between driver_override_show() and driver_override_store(): the show path read the driver_override string without holding the device_lock, while the store path modified and freed it while the lock was held, enabling a use-after-f...
CVE-2025-71274
In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driveroverrideshow and use core helper The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function modifies and frees the string while holdi...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition between the driveroverrideshow function and the driveroverridestore function in...
PT-2026-37449
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the rpmsg core where the driver override show function reads the driver override string without holding the device lock. Simultaneously, the store function...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: rpmsg: glink: Added a check for kstrdup. Added a check on the return value of kstrdup, and return an error if it fails, in order to avoid NULL pointer dereferencing...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fixed a race condition between the release of rpmsgctrldev and cdev The struct rpmsgctrldev contains a struct cdev. The current code releases the rpmsgctrldev struct in rpmsgctrldevreleasedevice, but the cdev is a...
CVE-2026-31730
A flaw was found in the Linux kernel's fastrpc component that could lead to a denial of service DoS or potentially arbitrary code execution. This memory corruption vulnerability, specifically a double-free, occurs when the cctx-remoteheap memory is freed twice due to an error handling issue in th...
CVE-2026-31730
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx-remoteheap fastrpcinitcreatestaticprocess may free cctx-remoteheap on the errmap path but does not clear the pointer. Later, fastrpcrpmsgremove frees cctx-remoteheap again if it is...
CVE-2026-31730
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx-remoteheap fastrpcinitcreatestaticprocess may free cctx-remoteheap on the errmap path but does not clear the pointer. Later, fastrpcrpmsgremove frees cctx-remoteheap again if it is...
PT-2026-36365
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue exists in the fastrpc component. The function fastrpc init create static process may free the cctx-remote heap variable on the err map path without clearing the...