Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ftrace: Fixed NULL pointer dereferencing in isftracetrampoline when ftrace is disabled. ftracestartup does not remove ops from ftraceopslist when ftracestartupenable fails: registerftracefunction ftracestartup...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: A BTI error was fixed when returning to the patched function. When BPFTRAMPFCALLORIG is set, the BPF trampoline uses BLR to jump back to the instruction next to the call site, in order to call the patched function. Fo...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a panic that occurred due to an incorrect pageattr of im-image. In the scenario where livepatch and kretfunc coexist, the pageattr of im-image becomes rox after archpreparebpftrampoline in bpftrampolineupdate. Then, wh...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disabling trampoline for kernel module function tracing The current implementation of BPF trampoline in LoongArch is incompatible with tracing functions in kernel modules. This causes several serious and...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: uprobes/x86: Harden the uretprobe syscall trampoline check Jann reported a potential issue when trampolinecheckip returns an address near the bottom of the address space, which is allowed to be called into the syscall if uretprob...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Added preemptcountsub,add to the btf id deny list. The recursion checks in bpfprogenter and bpfprogexit leave preemptcountsub,add unprotected. When attaching a trampoline to them, a panic occurs as follows: 867.843050 BUG...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: x86/fred: Fixed a system hang that occurred during S4 resume when FRED was enabled. Upon waking up from S4, the restore kernel starts and initializes the FRED MSRs as necessary from its perspective. It then loads a hibernation...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: A potential array overflow has been fixed in bpftrampolinegetprogs. The cnt value in the cnt = BPFMAXTRAMPPROGS check does not include BPFTRAMPMODIFYRETURN bpf programs. As a result, the number of BPFTRAMPMODIFYRETURN bpf...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a UAF issue in bpftrampolinelinkcgroupshim. The root cause of this bug is that when bpflinkput reduces the refcount of shimlink-link.link to zero, the resource is considered released, but it may still be referenced via...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: No support for struct arguments in trampoline programs The current implementation does not support struct arguments. This causes an oops when running the bpf selftest: $ ./testprogs -a tracingstruct Oops1: CPU -1...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed a memory leak caused by failed fentry attachment. If fentry fails to attach, the allocated BPF trampoline image will remain in the system. This can be verified by checking /proc/kallsyms. This memory leak can be detect...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: consistently handles PLTs. Sometimes it is necessary to use a PLT entry to call a ftrace trampoline. This is handled by ftracemakecall and ftracemakenop, both of which have almost identical logic. However, this iss...

K000161138: Linux kernel vulnerability CVE-2026-23307, CVE-2026-23319

Security Advisory Description CVE-2026-23307 In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: Fixed the JIT code size calculation for the BPF trampoline. The archbpftrampolinesize function provides the JIT size of the BPF trampoline before the buffer for JIT compilation of it is allocated. The total number of...

CVE-2026-41898

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

CVE-2026-41898

CVE-2026-41898 affects the rust-openssl bindings for Rust. The vulnerability arises in the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb, where the user closure’s returned usize was forwarde...

GHSA-HPPC-G8H3-XHP3 rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer

The FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut u8 that was handed to the closure. This can lead to...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006783)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006783 advisory. In the Linux kernel, the following vulnerability has been resolved: ARM: rockchip: fix kernel hang during smp initialization In order to bring up secondary CPUs main...

SUSE CVE-2026-23319

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a UAF issue in bpftrampolinelinkcgroupshim The root cause of this bug is that when 'bpflinkput' reduces the refcount of 'shimlink-link.link' to zero, the resource is considered released but may still be referenced via...