94 matches found
CVE-2026-10669 Xtensa MPU `arch_buffer_validate()` integer-overflow lets a user thread bypass syscall pointer validation
On Xtensa SoCs built with CONFIGXTENSAMPU and CONFIGUSERSPACE, archbuffervalidate in arch/xtensa/core/mpu.c — the architecture hook that verifies a user-mode-supplied buffer is accessible to the calling user thread with the requested permission — defaulted its return value to 0 access permitted a...
CVE-2026-10669 Xtensa MPU `arch_buffer_validate()` integer-overflow lets a user thread bypass syscall pointer validation
On Xtensa SoCs built with CONFIGXTENSAMPU and CONFIGUSERSPACE, archbuffervalidate in arch/xtensa/core/mpu.c — the architecture hook that verifies a user-mode-supplied buffer is accessible to the calling user thread with the requested permission — defaulted its return value to 0 access permitted a...
CVE-2026-10669
Summary (CVE-2026-10669) : On Xtensa SoCs with CONFIG_XTENSA_MPU and CONFIG_USERSPACE, arch_buffer_validate() erroneously permits access when the buffer size rounds to a wrap of the 32-bit address space, bypassing MPU checks. This can let an unprivileged user-thread validate or copy memory it sho...
CVE-2026-10635
On Xtensa targets with CONFIGUSERSPACE and CONFIGXTENSAMMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensadomainlist, of active memory domains using a list node embedded inside the caller-owned struct kmemdomain. When a domain is destroyed via kmemdomaindeinit -...
EUVD-2026-37036
On Xtensa targets with CONFIGUSERSPACE and CONFIGXTENSAMMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensadomainlist, of active memory domains using a list node embedded inside the caller-owned struct kmemdomain. When a domain is destroyed via kmemdomaindeinit -...
CVE-2026-10635
CVE-2026-10635 affects Zephyr v4.4.0 on Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU. The bug arises when destroying a memory domain via k_mem_domain_deinit(): the page-table code keeps a global xtensa_domain_list entry for the domain, but the node is not removed, leaving a dangling...
CVE-2026-10635 Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init
On Xtensa targets with CONFIGUSERSPACE and CONFIGXTENSAMMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensadomainlist, of active memory domains using a list node embedded inside the caller-owned struct kmemdomain. When a domain is destroyed via kmemdomaindeinit -...
CVE-2026-10635 Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init
On Xtensa targets with CONFIGUSERSPACE and CONFIGXTENSAMMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensadomainlist, of active memory domains using a list node embedded inside the caller-owned struct kmemdomain. When a domain is destroyed via kmemdomaindeinit -...
PT-2026-49610
On Xtensa targets with CONFIG USERSPACE and CONFIG XTENSA MMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensa domain list, of active memory domains using a list node embedded inside the caller-owned struct k mem domain. When a domain is destroyed via k mem domain...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: xtensa: xtfpga: Fixed a refcount leak bug in setup. In machinesetup, offindcompatiblenode will return a node pointer with the refcount incremented. We should use ofnodeput when it is no longer needed...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: xtensa: Fixed the refcount leak issue in the time.c file. In calibccount, the offindcompatiblenode function will return a node pointer with the refcount incremented. We should use ofnodeput when this function is no longer need...
USN-8095-1 linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: added input size checking in procwritesimdisk A malicious user could potentially enter an arbitrarily bad value into memdupusernul, which might cause the kernel to crash. This follows the same pattern as the patc...
USN-8029-3: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...
Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-8048-1)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8048-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...
USN-8048-1 linux-oem-6.17 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...
USN-8048-1: Linux kernel (OEM) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...
Ubuntu 25.10 : Linux kernel (GCP) vulnerabilities (USN-8030-1)
The remote Ubuntu 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8030-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the...
USN-8030-1 linux-gcp vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...
USN-8029-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...