Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ubi: ubicreatevolume: Fixed a use-after-free issue when volume creation failed. There is a use-after-free problem related to ‘ebatbl’ in the error handling code of ubicreatevolume. The relevant code is as follows:...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ubi: Fixed the UAF Use-After-Free issue in the eraseblkcountseqshow function. The wear-leveling entry could be freed during an erroneous path, and this entry might be accessed again in eraseblkcountseqshow, for example: c...

CLSA-2026-1773832495 Fix of 114 CVEs

CVE-2023-53515 - virtio-mmio: don't break lifecycle of vmdev CVE-2023-53515 CVE-2025-39967 - fbcon: fix integer overflow in fbcondosetfont CVE-2025-39967 - fbcon: Fix OOB access in font allocation CVE-2025-39967 CVE-2025-38702 - fbdev: fix potential buffer overflow in doregisterframebuffer...

kernel: Fix of 13 CVEs

fbdev: Fix vmalloc out-of-bounds write in fastimageblit CVE-2025-38685 - cnic: Fix use-after-free bugs in cnicdeletetask CVE-2025-39945 - scsi: bfa: Double-free fix CVE-2025-38699 - fbdev: fix potential buffer overflow in doregisterframebuffer CVE-2025-38702 - scsi: ses: Fix slab-out-of-bounds in...

SUSE CVE-2023-54087

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubifreevolume It willl cause null-ptr-deref in the following case: uifinit ubiaddvolume cdevadd - if it fails, call killvolumes deviceregister killvolumes - if ubiaddvolume fails call this...

EUVD-2023-60358

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubifreevolume It willl cause null-ptr-deref in the following case: uifinit ubiaddvolume cdevadd - if it fails, call killvolumes deviceregister killvolumes - if ubiaddvolume fails call this...

CVE-2023-54087

In the Linux kernel ubi subsystem, CVE-2023-54087 fixes a null pointer dereference in ubi_free_volume() triggered when ubi_add_volume() failures lead to kill_volumes() invoking ubi_free_volume() for devices that may not have been added. The patch ensures that, on ubi_add_volume() error, the affec...

SUSE CVE-2023-53271

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix unreferenced object reported by kmemleak in ubiresizevolume There is a memory leaks problem reported by kmemleak: unreferenced object 0xffff888102007a00 size 128: comm "ubirsvol", pid 32090, jiffies 4298464136 age...

CVE-2021-47634

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between ctrlcdevioctl and ubicdevioctl Hulk Robot reported a KASAN report about use-after-free: ================================================================== BUG: KASAN: use-after-free in...

USN-6938-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

It was discovered that the device input subsystem in the Linux kernel did not properly handle the case when an event code falls outside of a bitmap. A local attacker could use this to cause a denial of service system crash. CVE-2022-48619 黄思聪 discovered that the NFC Controller Interface NCI...

USN-6896-4 linux-raspi, linux-raspi-5.4 vulnerabilities

It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the Atheros 802.11ac...