Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fixed the kernel data leak caused by ioctl. It is possible to view the data of kernel pages by providing a larger value for insize in struct croseccommand1 when invoking EC host commands. This issu...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Drivers: Virt: Acrn: Hsm: Use kzalloc to avoid information leakage in pmcmdioctl. In the “pmcmdioctl” function, three memory objects allocated by kmalloc are initialized using “hcallgetcpustate”. These objects are then copied to...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006889)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006889 advisory. In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel...

CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdmacreateuserah struct irdmacreateahresp // 8 bytes, no padding u32 ahid; // offset 0 - SET uresp.ahid = ah-scah.ahinfo.ahidx u8 rsvd4; // offset 4 - NEVER SET - LEAK ; rsvd4: 4 bytes of sta...

CVE-2023-54317

The CVE-2023-54317 issue affects the Linux kernel when dm-flakey with corrupt-bio-writes operates on zero pages. The bug could cause corruption of the zero page during zeroing of a block device, leading to crashes because glibc assumes mmap’ed memory is zeroed (calloc may return non-zero data). T...

UBUNTU-CVE-2025-68365

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize allocated memory before use KMSAN reports: Multiple uninitialized values detected: - KMSAN: uninit-value in ntfsreadhdr 3 - KMSAN: uninit-value in bcmp 3 Memory is allocated by getname, which is a wrapper for...

Linux Distros Unpatched Vulnerability : CVE-2023-53059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kerne...

Linux Distros Unpatched Vulnerability : CVE-2022-50226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal t...

Linux Distros Unpatched Vulnerability : CVE-2024-38592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddpcomp with devmkcalloc In the case where connroutes is true we allocate...

CVE-2023-53059

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger insize in struct croseccommand1 when invoking EC host commands. Fix it by using zeroed memory. 1:...

CVE-2023-53059

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger insize in struct croseccommand1 when invoking EC host commands. Fix it by using zeroed memory. 1:...

DEBIAN-CVE-2023-53059

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger insize in struct croseccommand1 when invoking EC host commands. Fix it by using zeroed memory. 1:...

UBUNTU-CVE-2023-53059

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger insize in struct croseccommand1 when invoking EC host commands. Fix it by using zeroed memory. 1:...

CVE-2023-53059

CVE-2023-53059 :Vulnerability in the Linux kernel related to the Cros EC chardev path (platform/chrome) where an ioctl handling could leak kernel page data if a larger insize is provided in struct cros_ec_command when issuing EC host commands. The issue enables an information disclosure (confiden...

CVE-2023-53059 platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger insize in struct croseccommand1 when invoking EC host commands. Fix it by using zeroed memory. 1:...

CVE-2023-53059 platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger insize in struct croseccommand1 when invoking EC host commands. Fix it by using zeroed memory. 1:...

CVE-2025-38575

In CVE-2025-38575, the Linux kernel ksmbd memory handling was corrected: memory allocated by aead_request_alloc() must be freed with aead_request_free() to ensure sensitive crypto data is zeroed before freeing. This resolves a local-attack surface (AV:L/AC:L/PR:L/UI:N/S:U) with a MEDIUM base scor...

DEBIAN-CVE-2024-57911

In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iiosimplydummybuffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc and it is used to push data to user space from a triggered buffer, but it does not set values for inactive...

CVE-2024-57911 iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer

In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iiosimplydummybuffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc and it is used to push data to user space from a triggered buffer, but it does not set values for inactive...

AZL-51778 CVE-2024-49962 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: ACPICA: check null return of ACPIALLOCATEZEROED in acpidbconverttopackage ACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 ACPIALLOCATEZEROED may fail, elements might be NULL and will cause NULL pointer dereference later...