Astra Linux – Vulnerability in Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisock: Fixed an issue where user input was not validated. The length of user input was checked before copying data...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ax25: rcu protect dev-ax25ptr syzbot identified a lockdep issue 1. We should remove the ax25 RTNL dependency in ax25setsockopt. This should also fix various potential UAF issues in ax25. 1 WARNING: A circular locking dependenc...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: removal of support for TCPULP setsockopt TCPULP setsockopt cannot be used for mptcp because it is already used internally to access subflow tcp sockets at the mptcp level. The syzbot was able to cause a crash in mptcp...

Astra Linux - уязвимость в linux, linux-5.10

A vulnerability, classified as problematic, was discovered in the Linux kernel. This vulnerability affects the tcpgetsockopt/tcpsetsockopt functions of the TCP Handler component. Manipulation of these functions can lead to a race condition. It is recommended that a patch be applied to address thi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: SCO: Fixed issue where user input is not validated before calling setockopt. The syzbot reported that scosocksetsockopt copies data without checking the length of the user input. BUG: KASAN: Out-of-bounds access in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: xsk: Validated user input for XDPUMEM|COMPLETIONFILLRING syzbot reported an illegal copy in xsksetsockopt 1 Ensure that the @optlen parameter of setsockopt is validated. 1 BUG: KASAN: Out-of-bounds access in...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed an issue where user input was not validated. The length of user input was checked before data was copied...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fixed a UAF in j1939skmatchfilter during setsockoptSOJ1939FILTER. Locked jsk-sk to prevent UAF when setsockopt..., SOJ1939FILTER, ... modifies jsk-filters while receiving packets. The following issue was observed on t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for missing rcu protection. When removing the rcureadlock from bondethtoolgettsinfo, I didn’t realize that it could also be called via setsockopt, which does not hold a rcu lock. As pointed out by syzbot: Stack trace...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: Validates user input to ensure it is of the expected length. I received multiple syzbot reports indicating that old bugs were exposed due to BPF after the commit 20f2505fb436 “bpf: Try to avoid kzalloc in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013483)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013483 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue We encountered a crash in smcsetsockopt and...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010749)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010749 advisory. In the Linux kernel 5.11 through 5.12.2, isotpsetsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. This does not affect...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010753 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue We encountered a crash in smcsetsockopt and...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010734)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010734 advisory. A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcpgetsockopt/tcpsetsockopt of the component TCP Handler...

CLSA-2026-1773047921 kernel: Fix of 70 CVEs

wifi: iwlwifi: mvm: guard against invalid STA ID on removal CVE-2024-36921 - ASoC: topology: Fix references to freed memory CVE-2024-41069 - net/sched: actmirred: don't override retval if we already lost the skb CVE-2024-26739 - drivers: base: Free devm resources when unregistering a device...

Important: kernel

Issue Overview: A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcpgetsockopt/tcpsetsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005047)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005047 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length I got multiple syzbot reports showing old bugs...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21711)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21711 advisory. - In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in...

ROS-20260119-7367

A vulnerability in the ax25setsockopt function of the net/ax25/afax25.c component of the Linux operating system kernel is related to improper memory freeing before deleting the last reference. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000592)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000592 advisory. Race condition in net/packet/afpacket.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service use-after-free by...