Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ipv6: A bug in rt6getpcpuroute under PREEMPTRT has been fixed. On PREEMPTRT kernels, after rt6getpcpuroute returns NULL, the current task can be preempted. Another task running on the same CPU may then execute rt6makepcpuroute an...

SUSE CVE-2026-43244

In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in fraglist on partial sendmsg error Syzkaller reported a warning in kcmwritemsgs when processing a message with a zero-fragment skb in the fraglist. When kcmsendmsg fills MAXSKBFRAGS fragments in the curre...

CVE-2025-71295 fs/buffer: add alert in try_to_free_buffers() for folios without buffers

In the Linux kernel, the following vulnerability has been resolved: fs/buffer: add alert in trytofreebuffers for folios without buffers trytofreebuffers can be called on folios with no buffers attached when filemapreleasefolio is invoked on a folio belonging to a mapping with ASRELEASEALWAYS set...

CVE-2026-43244

CVE-2026-43244 affects the Linux kernel KCM (Kernel Connection Multiplexer). The issue arises during partial sendmsg operations: when kcm_sendmsg fills MAX_SKB_FRAGS, it allocates a new skb in frag_list and may copy data; if the copy fails, the new tail skb can have zero frags, leaving an empty e...

PT-2026-37460

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer dereference can occur when filemap release folio is invoked on a folio belonging to a mapping with AS RELEASE ALWAYS set but without a defined release folio operation. In...

PT-2026-37584

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Kernel Connection Multiplexor KCM where a zero-fragment socket buffer skb can remain in the frag list during a partial sendmsg error. When kcm sendmsg fills the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: kprobes: Do not call disarmkprobe for disabled kprobes The assumption in disablekprobe is incorrect, and it may attempt to disarm a kprobe that is already disarmed, thereby triggering WARNONCE below. This issue can be easily...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: hsr: The WARNONCE function was removed from the sendhsrsupervisionframe function. Syzkaller reported 1 that a warning was issued after attempting to allocate resources for skb in hsrinitskb. Since calling WARNONCE does not...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38280)

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid bpfprogret0warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32...

CVE-2025-71080

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix a BUG in rt6getpcpuroute under PREEMPTRT On PREEMPTRT kernels, after rt6getpcpuroute returns NULL, the current task can be preempted. Another task running on the same CPU may then execute rt6makepcpuroute and successful...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993244)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993244 advisory. In the Linux kernel, the following vulnerability has been resolved: kprobes: don't call disarmkprobe for disabled kprobes The assumption in disablekprobe is wrong, a...

CVE-2022-50817

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skbclone syzbot got a crash 1 in skbclone, caused by a bug in hsrgetuntaggedframe. When/if createstrippedskbhsr returns NULL, we must not attempt to call skbclone. While we are at it, replac...

UBUNTU-CVE-2022-50817

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skbclone syzbot got a crash 1 in skbclone, caused by a bug in hsrgetuntaggedframe. When/if createstrippedskbhsr returns NULL, we must not attempt to call skbclone. While we are at it, replac...

CVE-2022-50817 net: hsr: avoid possible NULL deref in skb_clone()

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skbclone syzbot got a crash 1 in skbclone, caused by a bug in hsrgetuntaggedframe. When/if createstrippedskbhsr returns NULL, we must not attempt to call skbclone. While we are at it, replac...

CVE-2022-50817

CVE-2022-50817 : Linux kernel vulnerability in the HSR path where a NULL pointer deference could occur in skb_clone(), triggered by a bug in hsr_get_untagged_frame(). The issue arises when create_stripped_skb_hsr() returns NULL and skb_clone() is still invoked. Documents consistently describe the...

CVE-2022-50817 net: hsr: avoid possible NULL deref in skb_clone()

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skbclone syzbot got a crash 1 in skbclone, caused by a bug in hsrgetuntaggedframe. When/if createstrippedskbhsr returns NULL, we must not attempt to call skbclone. While we are at it, replac...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992276)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992276 advisory. In the Linux kernel, the following vulnerability has been resolved: kprobes: don't call disarmkprobe for disabled kprobes The assumption in disablekprobe is wrong, a...

SUSE CVE-2023-54145

In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARNONCE in verifierl log It's trivial for user to trigger "verifier log line truncated" warning, as verifier has a fixed-sized buffer of 1024 bytes as of now, and there are at least two...

CVE-2023-54145

In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARNONCE in verifierl log It's trivial for user to trigger "verifier log line truncated" warning, as verifier has a fixed-sized buffer of 1024 bytes as of now, and there are at least two...

CVE-2025-68221

CVE-2025-68221 affects the Linux kernel’s MPTCP address removal logic. The issue in mptcp_pm_nl_rm_addr stems from an inverted WARN_ON_ONCE condition, which caused the decrement path to run only when the counter was already 0 (abnormal state) and ignored normal removals (counter > 0). Exploita...