13 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53159
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - misc: fastrpc: fix DMA address corruption due to findvma misuse fastrpcgetargs uses findvma to look up the VMA for a user-provided pointer and compute a DMA...
CVE-2026-53159
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to findvma misuse fastrpcgetargs uses findvma to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA,...
UBUNTU-CVE-2026-53159
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to findvma misuse fastrpcgetargs uses findvma to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA,...
EUVD-2026-39250
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to findvma misuse fastrpcgetargs uses findvma to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA,...
CVE-2026-53159
CVE-2026-53159 affects the Linux kernel in the misc: fastrpc path. The vulnerability arises in fastrpc_get_args(), which uses find_vma() to locate the VMA for a user pointer and compute a DMA address offset. If the address lies in a gap before the returned VMA, the expression (ptr & PAGE_MASK) - ...
CVE-2026-43434
In the Linux kernel, the following vulnerability has been resolved: rustbinder: check ownership before using vma When installing missing pages or zapping them, Rust Binder will look up the vma in the mm by address, and then call vminsertpage or zappagerangesingle. However, if the vma is closed an...
UBUNTU-CVE-2025-71130
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915gemdoexecbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up. In particular, this sets the eb-vmai.vma pointers to NULL, simplifying...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992285)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992285 advisory. In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the...
SUSE CVE-2022-50240
In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmaplock for later use. This is unsafe and there are a number of failure paths after the recorded VMA pointer may be freed during...
SUSE CVE-2023-52438
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...
DEBIAN-CVE-2023-52438
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...
UBUNTU-CVE-2023-52438
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...
CVE-2023-52438 binder: fix use-after-free in shinker's callback
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...