EUVD-2026-39280

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: update file PMD counter before folioput splithugepmdlocked updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folioput drops the last reference, mmcounterfile can later read fre...

EUVD-2026-38817

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboshrink infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad "drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure" to the ttmboshrink path. Move delbulkmove from before the backup to...

kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page-private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page-private values. This can lead to a use-after-free...

kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page-private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page-private values. This can lead to a use-after-free...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm: Fix unexpected zeroed page mapping with zram swap In cases where two processes are cloning under CLONEVM, a user process may be corrupted when zeroed pages are unexpectedly displayed. CPU A | CPU B --- | --- doswappage |...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm: slub: Avoid waking up kswapd in settrackprepare settrackprepare may cause lock recursion. The issue arises because it is called from hrtimerstartrangens, which holds percpuhrtimerbasesn.lock. However, when...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fixed the descriptor address in kvmatswapdesc Using “u64 user hva + offset” to obtain the virtual addresses of S1/S2 descriptors seems incorrect, especially when offset is not zero. What we actually want to get for...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: condresched was added to getswappages. A softlockup still occurs in getswappages under memory pressure. With 64 CPU cores, 64GB of memory, and 28 zram devices, the size of each zram device is 50MB, and they all have...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix missing folio cleanup in writeback race path In zswapwritebackentry, after obtaining a folio from readswapcacheasync, we reacquire the tree lock to ensure that the swap entry was not invalidated or recycled. If it...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid mapping the wrong physical block for the swapfile. Xiaolong Guo reported a bug related to f2fs in bugzilla 1. 1 https://bugzilla.kernel.org/showbug.cgi?id=220951 As quoted: “When using the ‘stress-ng’ swap...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: A NULL pointer dereferencing issue was addressed when splitting folio objects. The commit c010d47f107f “mm: thp: splitting huge pages into lower-order pages” introduced a check on the order of the folio objects via...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: mm/swap: Fixed the race condition between swapoff and getswappages. The si-lock must be held when deleting the si from the available list. Otherwise, another thread may re-add the si to the available list, leading to memory...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/mprotect: Only reference swappfn is called if the type matches. Yu Zhao reported a bug after the commit “mm/swap: Add swpoffsetpfn to fetch PFN from swap entries” added a check in swpoffsetpfn for the swap type 1: Kernel bug a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm: Fixed a kernel bug where userfaultfdmove encountered swapcache. userfaultfdmove checks whether the PTE entry is present or a swap entry. - If the PTE entry is present, movepresentpte handles folio migration by setting:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the mm/pagealloc function, the clearpage-private operation is performed in freepagesprepare. Several subsystems slub, shmem, ttm, etc. use page-private, but they do not clear it before freeing pages. When these pages are later...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/MADVCOLLAPSE: handling !none !huge !bad pmd lookups In commit 34488399fa08 “mm/madvise: adding file and shmem support to MADVCOLLAPSE”, we made the following change to findpmdorthpornone: – if !pmdpresentpmde return...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/gup: rejecting FOLLSPLITPMD with hugetlb VMAs. The patch series “mm: fixes for device-exclusive entries hmm”, version 2. While discussing the PageTail call in makedeviceexclusiverange, I recently discovered that device-exclusi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: The xid leak in cifscopyfilerange has been fixed. If the file is used by swap, before returning -EOPNOTSUPP, the xid should be freed. Otherwise, the xid will be leaked...

CVE-2026-11791

The CVE-2026-11791 entry concerns 389 Directory Server (389-ds-base), where during schema reload the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing refcount-based deferred deletion. This can lead to use-after-free or double-free when LDAP query ...

kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page-private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page-private values. This can lead to a use-after-free...