Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility of overflowing the length of shared memory lists, potentially leading to an unexpected...

CVE-2026-43172

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix 22000 series SMEM parsing If the firmware were to report three LMACs which doesn't exist in hardware then using "fwrt-smemcfg.lmac2" is an overrun of the array. Reject such and use IWLFWCHECK instead of WARNON ...

CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix 22000 series SMEM parsing If the firmware were to report three LMACs which doesn't exist in hardware then using "fwrt-smemcfg.lmac2" is an overrun of the array. Reject such and use IWLFWCHECK instead of WARNON ...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from array out-of-bounds access during the 22000 series SMEM parsing in iwlwifi...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/smc: fixed the issue where NULL sndbufdesc was used in smccdctxhandler. When performing a stress test on SMC-R using the rmmod mlx5ib driver during the wrk/nginx test, we found that there is a possibility of triggering a pani...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: venus: Added a check for the packet size after reading from shared memory. A check was added to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory...

Astra Linux - уязвимость в linux, linux-5.10

A flaw was discovered in the Linux kernel. Measuring the usage of shared memory does not scale well with large counts of shared memory segments, which could lead to resource exhaustion and Denial-of-Service attacks...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: tee: added a overflow check in registershmhelper When special lengths are provided by the user space, registershmhelper may cause an integer overflow when calculating the number of pages covered by a given user space memory regio...

Astra Linux - уязвимость в firefox, thunderbird

Insufficient checks during the processing of graphics shared memory could lead to memory corruption. This vulnerability could be exploited by an attacker to perform a sandbox escape. This issue affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Do not free decrypted memory. In CoCo Virtual Machines, it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail. As a result, an error may be returned, and the decrypted memor...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/shmem, swap: Fixed a race condition between the truncate operation and the swap entry splitting operation. The helper function for shmem swap-freezing does not handle the order of swap entries correctly. It uses xacmpxchgir...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: Invoking MMU notifiers in shmem/file collapse paths. Any code path that updates page table entries must invoke MMU notifiers to ensure that secondary MMUs such as those related to KVM do not continue to access page...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/shmem, swap: fixed the soft lockup issue with mTHP swapin. The following soft lockup can be easily reproduced on my test machine using the following command: echo always...

CVE-2026-31700

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnethdr in tpacketsnd In tpacketsnd, when PACKETVNETHDR is enabled, vnethdr points directly into the mmap'd TX ring buffer shared with userspace. The kernel validates the header via...

📄 V8 BigInt String Conversion Stress Test Conceptual Sandbox

This is a V8 Sandbox Escape vulnerability in BigInt::Allocate where buffers are shuffled outside the sandbox. The vulnerability allows for writes outside the boundaries of the allocated buffer within the sandbox outbound write by manipulating data during the MultiplyFFT process...

CVE-2026-31654

A flaw was found in the Linux kernel. When a shared memory mapping is created for /dev/zero, a memory leak can occur if the virtual memory area VMA allocation fails. This happens because a newly allocated file, intended to back the mapping, is not properly released in the error path, leading to...

CLSA-2026-1776880484 tigervnc: Fix of CVE-2026-34352

CVE-2026-34352: fix incorrect permissions on x0vncserver shared-memory image that allowed other users to observe or manipulate the screen or crash the server...

kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()

A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013697)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013697 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Check whether transferred 2D BO is shmem Transferred 2D BO always must be a shmem BO...

PT-2026-34242

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the kernel's handling of protection keys for address ranges. The subroutine responsible for updating page table entries fails to account for 1GB largepage mappings creat...