15 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Fix for leaking uninitialized memory in the fast-commit journal When space at the end of the fast-commit journal blocks is unused, make sure to zero it out so that uninitialized memory is not leaked to the disk...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fixed the kernel stack leak in irdmacreateuserah. struct irdmacreateahresp // 8 bytes, no padding u32 ahid; // Offset 0 – SET uresp.ahid = ah-scah.ahinfo.ahidx u8 rsvd4; // Offset 4 – NEVER SET - LEAK ; The rsvd4 fiel...
CVE-2026-43089
In the Linux kernel, the following vulnerability has been resolved: xfrmuser: fix info leak in buildmapping struct xfrmusersaid has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out to userspace. Fix that up by zeroing out the whole structur...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011109)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011109 advisory. In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel...
AZL-78452 CVE-2026-22978 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iwpoint struct iwpoint has a 32bit hole on 64bit arches. struct iwpoint void user pointer; / Pointer to the data in user space / u16 length; / number of fields or size in bytes / u16 flags;...
PT-2026-4478
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the iw point structure within the Wi-Fi subsystem. The iw point structure contains a 32-bit hole on 64-bit architectures. This can lead to th...
CVE-2025-68727
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by getname Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN...
Write-what-where Condition
Overview Affected versions of this package are vulnerable to Write-what-where Condition via the btconntxprocessor function. An attacker can achieve precise memory corruption by triggering a use-after-free condition that allows writing attacker-controlled data before memory is zeroed. Remediation...
CVE-2025-39684 comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()
In the Linux kernel, the following vulnerability has been resolved: comedi: Fix use of uninitialized memory in doinsnioctl and doinsnlistioctl syzbot reports a KMSAN kernel-infoleak in doinsnioctl. A kernel buffer is allocated to hold insn-n samples each of which is an unsigned int. For some...
kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
In the Linux kernel, the following vulnerability has been resolved: misc/vmwvmci: fix an infoleak in vmcihostdoreceivedatagram struct vmcieventqp allocated by qpnotifypeer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...
SUSE CVE-2023-53059
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger insize in struct croseccommand1 when invoking EC host commands. Fix it by using zeroed memory. 1:...
CVE-2024-57907 iio: adc: rockchip_saradc: fix information leak in triggered buffer
In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchipsaradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses...
Important: kernel
Issue Overview: Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend...
DEBIAN-CVE-2022-26365
Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
Tor: [tor] pre-emptive defenses, potential vulnerabilities
Replacing all tormalloc calls with torcalloc and tormalloczero ============================================================== Zeroing memory upon allocating it will prevent vulnerabilities that consist of transmitting data buffers which are not wholly initialized with the intended data or contain...