954 matches found
CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
In the Linux kernel, the following vulnerability has been resolved: srcu: Use irqwork to start GP in tiny SRCU Tiny SRCU's srcugpstartifneeded directly calls schedulework, which acquires the workqueue pool-lock. This causes a lockdep splat when callsrcu is called with a scheduler lock held, due t...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: The registration of structops that uses the module ptr was rejected, and the module btfid is missing. There is a UAF report in bpfstructops when CONFIGMODULES=n. Specifically, the issue relates to tcpcongestionops, which has...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerabilities have been resolved: s390: Fixed a double-free of GS and RI CBs upon a fork failure. The pointers for guarded storage and runtime instrumentation control blocks are stored in the threadstruct of the associated task. These pointers are initially...
Astra Linux - уязвимость в linux
In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing cadpid During boot, kernelinitfreeable initializes cadpid to the init task's struct pid. Later on, we may change cadpid via a sysctl, and when this happens procdocadpid will increment the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: No support for struct arguments in trampoline programs The current implementation does not support struct arguments. This causes an oops when running the bpf selftest: $ ./testprogs -a tracingstruct Oops1: CPU -1...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Release MR restrack when delete The MR restrack also needs to be released when delete it, otherwise it cause memory leak as the task struct won't be released...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: iommu: Two issues were fixed in iommucopystructfromuser. During the review of the iommucopystructtouser helper function, Matt pointed out that a NULL pointer should be rejected before dereferencing it:...
Potential out-of-bounds write via public `Context` fields
The Context struct has all fields public pub dlen, pub digest, etc.. Code from other modules within the same crate can directly modify dlen to a value exceeding the digest vector length. When reset is subsequently called, self.digestself.dlen as usize = 0 becomes an out-of-bounds write. Withdrawa...
CVE-2026-43058
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix pass-by-value structs causing MSAN warnings vidtvtsnullwriteinto and vidtvtspcrwriteinto take their argument structs by value, causing MSAN to report uninit-value warnings. While only vidtvtsnullwriteinto has...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006975)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006975 advisory. In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage threadstruct's s12 may contain random kernel memory...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013213)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013213 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix swapinfostruct race between swapoff and getswappages The si-lock must be held when...
JLSEC-2026-89
Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free write vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a std::vector, which...
CVE-2026-23447
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP32 nframes bounds check The same bounds-check bug fixed for NDP16 in the previous patch also exists in cdcncmrxverifyndp32. The DPE array size is validated against the total skb length withou...
CVE-2026-23447 net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP32 nframes bounds check The same bounds-check bug fixed for NDP16 in the previous patch also exists in cdcncmrxverifyndp32. The DPE array size is validated against the total skb length withou...
OESA-2026-1759 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug...
CVE-2026-33491
Zen C compiler before v0.4.4 is vulnerable to a stack-based buffer overflow in identifier mangling. A specially crafted Zen C source (.zc) with excessively long struct, function, or trait identifiers can cause a compiler crash or potentially allow arbitrary code execution. The issue affects Zen C...
CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdmacreateuserah struct irdmacreateahresp // 8 bytes, no padding u32 ahid; // offset 0 - SET uresp.ahid = ah-scah.ahinfo.ahidx u8 rsvd4; // offset 4 - NEVER SET - LEAK ; rsvd4: 4 bytes of sta...
CVE-2026-30980 iccDEV has a stack overflow in CIccBasicStructFactory::CreateStruct()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5...
CVE-2026-30980 iccDEV has a stack overflow in CIccBasicStructFactory::CreateStruct()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5...
wifi: avoid kernel-infoleak from struct iw_point
...