685 matches found
CVE-2026-43433
In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read back from there. This is normally fine because th...
CVE-2026-43370
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm-processinfo assignment with cmpxchg to prevent race when parent/child processes sharing a drmfile both try to acquire the same VM after fork. cherry picked...
PT-2026-39095
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in Rust Binder where the system fails to verify ownership before using a Virtual Memory Area VMA. When installing or zapping missing pages, Rust Binder looks up the VMA b...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories CVE-2025-68736 In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context CVE-2026-23102 In the Linu...
Astra Linux – Vulnerability in Linux
A issue was discovered in Linux: improper handling of VMIO|VMPFNMAP vmas in KVM can bypass RO checks and cause pages to be freed while still accessible by the VMM and guest. This allows users who have the ability to start and control a VM to read/write random pages of memory, potentially leading ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed the crash that occurred during bootup when the separategpudrm modparam was set. The drmgemforeachgpuvmbo call from lookupvma accesses drmgemobj.gpuva.list, which is not initialized when the DRM driver does not...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/fixmap: Fixed the VM debug warning when unmapping a fixmap entry. The unmapping of a fixmap entry is performed by calling setfixmap, with FIXMAPPAGECLEAR as the flag. Currently, powerpc setfixmap calls mapkernelpage...
CVE-2026-31785
In the Linux kernel, the following vulnerability has been resolved: drm/xe/xepagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xepagefaultservice after the VMA lookup. v2: - Apply max line length...
CVE-2026-31787
A flaw was found in the Linux kernel's xen/privcmd module. A local user could exploit this by performing a partial unmapping of a privcmd memory region. This action causes a Virtual Memory Area VMA to split, leading to duplicated internal memory pointers. As a result, the same memory can be freed...
CVE-2026-31785 drm/xe/xe_pagefault: Disallow writes to read-only VMAs
In the Linux kernel, the following vulnerability has been resolved: drm/xe/xepagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xepagefaultservice after the VMA lookup. v2: - Apply max line length...
CVE-2026-31785
In the Linux kernel, the following vulnerability has been resolved: drm/xe/xepagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xepagefaultservice after the VMA lookup. v2: - Apply max line length...
PT-2026-36420
In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe pagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xe pagefault service after the VMA lookup. v2: - Apply max line length...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the VMA segmentation in the xen privcmd driver, leading to double deallocation and potentially...
ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
...
CVE-2026-31654
A flaw was found in the Linux kernel. When a shared memory mapping is created for /dev/zero, a memory leak can occur if the virtual memory area VMA allocation fails. This happens because a newly allocated file, intended to back the mapping, is not properly released in the error path, leading to...
DEBIAN-CVE-2026-31597
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix use-after-free in ocfs2fault when VMFAULTRETRY filemapfault may drop the mmaplock before returning VMFAULTRETRY, as documented in mm/filemap.c: "If our return value has VMFAULTRETRY set, it's because the mmaplock may b...
CVE-2026-31602
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page Commit 391e69143d0a increased CTPTPNUM from 1 to 4 to support 256 playback streams, but the additional pages are not used by the card correctly. The CT20K2 hardware already has multiple...
CVE-2026-31602
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page Commit 391e69143d0a increased CTPTPNUM from 1 to 4 to support 256 playback streams, but the additional pages are not used by the card correctly. The CT20K2 hardware already has multiple...
CVE-2026-31602
The CVE-2026-31602 issue affects the Linux kernel ALSA ctxfi driver, where ct_vm_map() may access memory beyond allocated space when CT_PTP_NUM exceeds 1 (AMD64), causing a page fault and potential system crash. The root cause is that ct_vm_map() always uses PTEs in vm->ptp[0].area regardless ...
CVE-2026-31597
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix use-after-free in ocfs2fault when VMFAULTRETRY filemapfault may drop the mmaplock before returning VMFAULTRETRY, as documented in mm/filemap.c: "If our return value has VMFAULTRETRY set, it's because the mmaplock may b...