Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf, arm64: A BTI error was fixed when returning to the patched function. When BPFTRAMPFCALLORIG is set, the BPF trampoline uses BLR to jump back to the instruction next to the call site, in order to call the patched function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disabling trampoline for kernel module function tracing The current implementation of BPF trampoline in LoongArch is incompatible with tracing functions in kernel modules. This causes several serious and...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a panic that occurred due to an incorrect pageattr of im-image. In the scenario where livepatch and kretfunc coexist, the pageattr of im-image becomes rox after archpreparebpftrampoline in bpftrampolineupdate. Then, wh...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: uprobes/x86: Harden the uretprobe syscall trampoline check Jann reported a potential issue when trampolinecheckip returns an address near the bottom of the address space, which is allowed to be called into the syscall if uretprob...

K000161138: Linux kernel vulnerability CVE-2026-23307, CVE-2026-23319

Security Advisory Description CVE-2026-23307 In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not th...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: consistently handles PLTs. Sometimes it is necessary to use a PLT entry to call a ftrace trampoline. This is handled by ftracemakecall and ftracemakenop, both of which have almost identical logic. However, this iss...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Add preemptcountsub,add into btf id deny list The recursion check in bpfprogenter and bpfprogexit leave preemptcountsub,add unprotected. When attaching trampoline to them we get panic as follows, 867.843050 BUG: TASK stack...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fixed the trampoline for BPFTRAMPFCALLORIG. When BPFTRAMPFCALLORIG is set, the trampoline calls the bpftrampenter and bpftrampexit functions, passing struct bpftrampimage im as an argument in R0. The trampoline...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in isftracetrampoline when ftrace is dead ftracestartup does not remove ops from ftraceopslist when ftracestartupenable fails: registerftracefunction ftracestartup registerftracefunction...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix potential array overflow in bpftrampolinegetprogs The cnt value in the 'cnt = BPFMAXTRAMPPROGS' check does not include BPFTRAMPMODIFYRETURN bpf programs, so the number of the attached BPFTRAMPMODIFYRETURN bpf programs in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Fix system hang during S4 resume with FRED enabled Upon a wakeup from S4, the restore kernel starts and initializes the FRED MSRs as needed from its perspective. It then loads a hibernation image, including the image...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed a memory leak caused by failed fentry attachment. If fentry fails to attach, the allocated BPF trampoline image will remain in the system. This can be verified by checking /proc/kallsyms. This memory leak can be detect...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a UAF issue in bpftrampolinelinkcgroupshim. The root cause of this bug is that when bpflinkput reduces the refcount of shimlink-link.link to zero, the resource is considered released, but it may still be referenced via...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: No support for struct arguments in trampoline programs The current implementation does not support struct arguments. This causes an oops when running the bpf selftest: $ ./testprogs -a tracingstruct Oops1: CPU -1...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: Fixed the JIT code size calculation for the BPF trampoline. The archbpftrampolinesize function provides the JIT size of the BPF trampoline before the buffer for JIT compilation of it is allocated. The total number of...

CVE-2026-41898

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

CVE-2026-41898

CVE-2026-41898 affects the rust-openssl bindings for Rust. The vulnerability arises in the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb, where the user closure’s returned usize was forwarde...

CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

GHSA-HPPC-G8H3-XHP3 rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer

The FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut u8 that was handed to the closure. This can lead to...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006783)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006783 advisory. In the Linux kernel, the following vulnerability has been resolved: ARM: rockchip: fix kernel hang during smp initialization In order to bring up secondary CPUs main...