kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fixed a slab-out-of-bounds issue in sesenclosuredataprocess. A fix for the issue is as follows: BUG: KASAN: A slab-out-of-bounds condition occurred in sesenclosuredataprocess+0x949/0xe30 ses. The size of the read...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm/slabcommon: The corruption of the slabcaches list after kmemcacheDestroy has been fixed. After the commit in “Fixes”, if a module that creates a slab cache does not release all of its allocated objects before destroying the...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: slab-out-of-bounds read in brcmfgetassocies Fix a slab-out-of-bounds read that occurs in kmemdup called from brcmfgetassocies. The bug could occur when associnfo-reqlen, data from a URB provided by a USB device, i...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: orangefs: fixed an out-of-bounds read in orangefsdebugwrite. I received a report from syzbot regarding an out-of-bounds read in orangefsdebugwrite… Several people suggested solutions. I tested Al Viro’s suggestion and created thi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: CIFS: Fixed the smbdresponse slab to allow usercopy. The handling of received data in the smbdirect client code involves using copytoiter to copy data from the packet trailer of the smbdreponse structure to a buffer provided by...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cachefiles: Fixed a slab-out-of-bounds issue in cachefilessetvolumexattr. The actual length of volume coherence data should be used when setting the xattr value to avoid the following KASAN report. BUG: KASAN: Slab-out-of-boun...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ubi: fastmap: Fixed duplicate slab cache names during attachment Since commit 4c39529663b9 “slab: Warns about duplicate cache names when DEBUGVM=y”, duplicate slab cache names can be detected, and a kernel warning is issued. In t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a slab-out-of-bounds issue in initsmb2rsphdr. When smb1 mounting fails, KASAN detects a slab-out-of-bounds issue in initsmb2rsphdr, as follows. For smb1’s negotiate56 bytes, initsmb2rsphdr is called for smb2. The iss...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/tipc: fixed the slab-use-after-free issue in tipcaeadencryptdone+0x4bd/0x510 net/tipc/crypto.c:840. Syzbot reported a slab-use-after-free with the following call trace:...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: HID: betop: fixed a slab-out-of-bounds Write issue in betopprobe. Syzbot reported a slab-out-of-bounds Write bug in the hid-betopff driver. The problem arises from the driver assuming that the device must have an input report;...

CVE-2026-47328

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmallocd, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata an...

K000161577: Linux kernel vulnerability CVE-2025-39817

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare Observed on kernel 6.6 present on master as well: BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasancheckrange+0xe8/0x190...

Linux Distros Unpatched Vulnerability : CVE-2026-45935

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot In the 'DeleteIndexEntryRoot' case of the 'doaction' function, the entry size 'esize' is retrieve...

Linux Distros Unpatched Vulnerability : CVE-2026-46029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/slab: return NULL early from kmallocnolock in NMI on UP On UP kernels !CONFIGSMP, spintrylock is a no-op that unconditionally succeeds even when the lock is...

libceph: Fix slab-out-of-bounds access in auth message processing

...

SUSE CVE-2026-46119

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a potentially corrupted message of type CEPHMSGAUTHREPLY contains a positive value in its result field, it is treated as an error code by cephhandleauthreply an...

SUSE CVE-2026-46166

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211dfscaccancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-after-free error...

Linux Distros Unpatched Vulnerability : CVE-2026-46119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: Fix slab-out-of-bounds access in auth message processing If a potentially corrupted message of type CEPHMSGAUTHREPLY contains a positive value in its...