Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: removed the callcontrol in inactive contexts. If the damoncall function is executed against a DAMON context that is not running, the function returns an error while keeping the damoncallcontrol object linked to the...

CVE-2026-52905

A flaw was found in the Linux kernel's Data Access MONitor DAMON core. The damonstart function, when used via the DAMON sysfs interface, failed to properly validate the minregionsz parameter. This allowed non-power of two values, which could lead to unaligned DAMON region address ranges and...

CVE-2026-52905 mm/damon/core: disallow non-power of two min_region_sz on damon_start()

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

PT-2026-47791

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the DAMON Data Access MONitor subsystem allows the use of unaligned region address ranges. This occurs because the sysfs interface can emit a min region sz value that is not a...

CVE-2026-46264

A flaw was found in the Linux kernel's drm/xe/pf component. This vulnerability arises during the initialization of the sysfs interface, where an error in devmaddactionorreset can cause a cleanup action to execute on an uninitialized kernel object. This can lead to a use-after-free condition, whic...

SUSE CVE-2026-46121

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect memcgpath kfree with damonsysfslock Patch series "mm/damon/sysfs-schemes: fix use-after-free for memcgpath". Reads of 'memcgpath' and 'path' files in DAMON sysfs interface could race with their...

CVE-2026-46121

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect memcgpath kfree with damonsysfslock Patch series "mm/damon/sysfs-schemes: fix use-after-free for memcgpath". Reads of 'memcgpath' and 'path' files in DAMON sysfs interface could race with their...

CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect memcgpath kfree with damonsysfslock Patch series "mm/damon/sysfs-schemes: fix use-after-free for memcgpath". Reads of 'memcgpath' and 'path' files in DAMON sysfs interface could race with their...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fixing the lifetime of the sysfs interface The current nilfs2 sysfs support has issues with the timing of the creation and deletion of sysfs entries. This may lead to null pointer dereferences, use-after-free errors, and...

CVE-2026-43138

A flaw was found in the Linux kernel. A local user could exploit a vulnerability in the GPIO General Purpose Input/Output reset controller by unbinding a dynamically created device through the sysfs a virtual filesystem providing an interface to kernel data structures interface. This improper...

SUSE CVE-2026-31457

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts-nr in repeatcallfn damonsysfsrepeatcallfn calls damonsysfsupdtunedintervals, damonsysfsupdschemesstats, and damonsysfsupdschemeseffectivequotas without checking contexts-nr. If nrcontexts is set to ...

CVE-2026-31458

A flaw was found in the Linux kernel. A privileged local user can exploit this by manipulating the nrcontexts parameter in the mm/damon/sysfs interface to zero while the DAMON Data Access MONitor subsystem is active. This leads to a null pointer dereference when certain sysfs commands are...

CVE-2026-23332

A flaw was found in the Linux kernel's intelpstate cpufreq driver. A local user can trigger a system crash, leading to a Denial of Service DoS, by attempting to disable the CPU turbo feature through the sysfs interface. This vulnerability occurs on systems booted with specific kernel arguments li...

UBUNTU-CVE-2026-23235

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...

PT-2026-22921

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The f2fs file system in the Linux kernel contains a flaw related to out-of-bounds memory access and incorrect handling of integer values when reading and writing sysfs attributes...

CVE-2025-71225

CVE-2025-71225: Linux kernel vulnerability in RAID update path. When updating raid_disks via sysfs, freeze_array may unblock before queued r1bio structures are released, causing free_r1bio() to access memory with the old raid_disks/mempool configuration. This can lead to out-of-bounds access and ...

CVE-2026-23142

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-scheme: cleanup accesspattern subdirs on scheme dir setup failure When a DAMOS-scheme DAMON sysfs directory setup fails after setup of accesspattern/ directory, subdirectories of accesspattern/ directory are not...

SUSE CVE-2025-71163

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface...

SUSE CVE-2026-23012

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove callcontrol in inactive contexts If damoncall is executed against a DAMON context that is not running, the function returns error while keeping the damoncallcontrol object linked to the context's callcontrol...

CVE-2026-23012

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove callcontrol in inactive contexts If damoncall is executed against a DAMON context that is not running, the function returns error while keeping the damoncallcontrol object linked to the context's callcontrol...