[SECURITY] Fedora 44 Update: libre-4.8.1-1.fc44

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

CVE-2026-45151

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000867)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000867 advisory. The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows loca...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000805)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000805 advisory. Integer overflow in the aiosetupsinglevector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecifie...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002075)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002075 advisory. The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows loca...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002276)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002276 advisory. The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows loca...

DEBIAN-CVE-2025-40220

In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor, and closes the fi...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990582)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990582 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit ocfs2: return real error code in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989966)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989966 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit ocfs2: return real error code in...

Siemens SIMATIC Devices Improper Handling of Structural Elements (CVE-2024-35815)

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the struct aiokiocb conversion The first kiocbsetcancelfn argument may point at a struct kiocb that is not embedded inside struct aiokiocb. With the current code, depending on the compiler, the...

DEBIAN-CVE-2023-53344

In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcmtxsetup: fix KMSAN uninit-value in vfswrite Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aiorwdone fs/aio.c:1520 inline BUG: KMSAN:...

Linux Distros Unpatched Vulnerability : CVE-2023-53111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - loop: Fix use-after-free issues doreqfilebacked calls blkmqcompleterequest synchronously or asynchronously when using asynchronous I/O unless memory allocation...

SUSE CVE-2023-53111

In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues doreqfilebacked calls blkmqcompleterequest synchronously or asynchronously when using asynchronous I/O unless memory allocation fails. Hence, modify loophandlecmd such that it does not dereference...

CVE-2023-53111

In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues doreqfilebacked calls blkmqcompleterequest synchronously or asynchronously when using asynchronous I/O unless memory allocation fails. Hence, modify loophandlecmd such that it does not dereference...

UBUNTU-CVE-2023-53111

In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues doreqfilebacked calls blkmqcompleterequest synchronously or asynchronously when using asynchronous I/O unless memory allocation fails. Hence, modify loophandlecmd such that it does not dereference...

CVE-2025-21643

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel async DIO Netfslib needs to be able to handle kernel-initiated asynchronous DIO that is supplied with a biovec array. Currently, because of the async flag, this gets passed to netfsextractuseriter which throws a...

SUSE CVE-2024-40943

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit "ocfs2: return real error code in ocfs2diowrgetblock", fstests/generic/300 become from always failed to sometimes failed:...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a contention condition issue in the ocfs2 filesystem when handling AIO+DIO with hole-punching operations,...

SUSE CVE-2024-36894

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fix race between aiocancel and AIO request complete FFS based applications can utilize the aiocancel callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application...

SUSE CVE-2024-35815

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the struct aiokiocb conversion The first kiocbsetcancelfn argument may point at a struct kiocb that is not embedded inside struct aiokiocb. With the current code, depending on the compiler, the...