Linux Distros Unpatched Vulnerability : CVE-2026-46034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in...

Linux Distros Unpatched Vulnerability : CVE-2026-46036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its valu...

SUSE CVE-2026-46036

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...

CVE-2026-46034

A flaw was found in the Linux kernel's vfio/cdx module. A local user can cause a system crash by improperly configuring Message Signaled Interrupts MSI before they are set up. This can lead to a NULL pointer dereference, resulting in a Denial of Service DoS for the system...

CVE-2026-46034

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in vfiocdxsetmsitrigger. Without this check, userspace can trigger a NULL pointer...

CVE-2026-46036

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...

UBUNTU-CVE-2026-46034

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in vfiocdxsetmsitrigger. Without this check, userspace can trigger a NULL pointer...

CVE-2026-46036

The CVE covers a race in the Linux kernel vfio/cdx driver where concurrent VFIO_DEVICE_SET_IRQS ioctls can observe inconsistent state of config_msi and cdx_irqs, leading to use-after-free of the cdx_irqs array. A per-device mutex (cdx_irqs_lock) is added to struct vfio_cdx_device and is acquired ...

CVE-2026-46036 vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...

CVE-2026-46034

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in vfiocdxsetmsitrigger. Without this check, userspace can trigger a NULL pointer...

EUVD-2026-32415

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in vfiocdxsetmsitrigger. Without this check, userspace can trigger a NULL pointer...

CVE-2026-46034

The CVE-2026-46034 issue affects the Linux kernel VFIO/cdx path, where NULL pointer dereference could occur in the interrupt trigger path if userspace calls VFIO_DEVICE_SET_IRQS with DATA_BOOL/DATA_NONE before interrupts are set up via VFIO_IRQ_SET_DATA_EVENTFD. The root cause is missing enforcem...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the vfio/cdx driver’s failure to verify whether MSI is configured during the interrupt trigger...

PT-2026-43901

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdx irqs array in vfio cdx set msi trigger. Without this check, userspace can trigger a NULL pointer...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of serialization in the VFIODEVICESETIRQS operation within the vfio/cdx driver. This...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: vfio: Fixed NULL pointer dereferencing caused by uninitialized group-iommufd. group-iommufd is not initialized for the iommufdctxput function. 20018.331541 BUG: NULL pointer dereferencing in the kernel, address: 00000000000000...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ice: ptp: do not emit a WARN when controlling PF is unavailable In VFIO passthrough setups, it is possible to only pass through a PF that does not own the source timer. In such cases, the PTP controlling PF adapter-ctrlpf is neve...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Created a persistent INTx handler There exists a vulnerability where the eventfd for INTx signaling can be deconfigured. This causes the IRQ handler to be unregistered, but it still allows eventfds to be signaled with a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: vfio/pds: Fixed the missing detachioas operation. When CONFIGIOMMUFD is enabled and a device is bound to the pdsvfiopci driver, the following WARNON trace is observed, and the probe fails: WARNING: CPU: 0 PID: 5040 at...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Blocking calls to interrupt handlers without triggering them The trigger pointer of the vfiofslmcirqy object is initially NULL, and it may become NULL if the user sets the trigger parameter of eventfd to -1. The...