209 matches found
CVE-2026-43088
In the Linux kernel, the following vulnerability has been resolved: net: afkey: zero aligned sockaddr tail in PFKEY exports PFKEY export paths use pfkeysockaddrsize when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkeysockaddrfill initializes only th...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mm: Fix unexpected zeroed page mapping with zram swap In cases where two processes are cloning under CLONEVM, a user process may be corrupted when zeroed pages are unexpectedly displayed. CPU A | CPU B --- | --- doswappage |...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Check for a null return value from ACPIALLOCATEZEROED in acpidbconverttopackage. ACPICA commit number: 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 The ACPIALLOCATEZEROED function may fail; the elements involved might be NULL...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Added a check for the return value of getzeroedpage. Also, added a check for the return value of getzeroedpage in sclpconsoleinit to prevent null pointer dereferencing. Furthermore, to address the memory leak caused by...
CVE-2026-31671
In the Linux kernel, the following vulnerability has been resolved: xfrmuser: fix info leak in buildreport struct xfrmuserreport is a u8 proto field followed by a struct xfrmselector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...
CVE-2026-31671
In the Linux kernel, the following vulnerability has been resolved: xfrmuser: fix info leak in buildreport struct xfrmuserreport is a u8 proto field followed by a struct xfrmselector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013102)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013102 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiexhistogramread Always free the zeroed page on return from...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013227)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013227 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: ACPICA: check null return of ACPIALLOCATEZEROED in acpidbdisplayobjects ACPICA commit...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006889)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006889 advisory. In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007404)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007404 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiexhistogramread Always free the zeroed page on return from...
CVE-2026-23335
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdmacreateuserah struct irdmacreateahresp // 8 bytes, no padding u32 ahid; // offset 0 - SET uresp.ahid = ah-scah.ahinfo.ahidx u8 rsvd4; // offset 4 - NEVER SET - LEAK ; rsvd4: 4 bytes of sta...
UBUNTU-CVE-2026-23335
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdmacreateuserah struct irdmacreateahresp // 8 bytes, no padding u32 ahid; // offset 0 - SET uresp.ahid = ah-scah.ahinfo.ahidx u8 rsvd4; // offset 4 - NEVER SET - LEAK ; rsvd4: 4 bytes of sta...
CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdmacreateuserah struct irdmacreateahresp // 8 bytes, no padding u32 ahid; // offset 0 - SET uresp.ahid = ah-scah.ahinfo.ahidx u8 rsvd4; // offset 4 - NEVER SET - LEAK ; rsvd4: 4 bytes of sta...
CVE-2026-23335
CVE-2026-23335: Linux kernel RDMA/irdma create_user_ah() leak resolved. Root cause: the irdma_create_ah_resp struct contained 4 bytes (rsvd) that were never zeroed, leaking stack memory prior to ib_respond_udata(). Affected code paths thus exposed uninitialized stack content (4 bytes) in the resp...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005488)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005488 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: check null return of ACPIALLOCATEZEROED in acpidbconverttopackage ACPICA commit...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37883)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37883 advisory. - In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Add check for getzeroedpage A...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2024-8888:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8888:01 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 9 : golang-1.21.13-4.el9_4 (AXSA:2024-8885:08)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8885:08 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 9 : git-lfs-3.6.1-1.el9 (AXSA:2025-10212:04)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10212:04 advisory. golang: crypto/tls: panic when processing post-handshake message on QUIC connections CVE-2023-39321 golang: crypto/tls: lack of a limit on buffered...
PT-2026-27700
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kernel stack leak exists in the irdma create user ah function within the RDMA/irdma component. The rsvd4 member of the irdma create ah resp structure leaks 4 bytes of stack memory...