93 matches found
CVE-2026-53153
CVE-2026-53153 affects the Linux kernel memcg list_lru path. A race during memcg_reparent_list_lrus() clears the dying memcg’s xarray entry before reparenting per-node lists, letting concurrent list_lru_del/walk operate on the parent and corrupt next/prev pointers. The fix reverses the order: rep...
CVE-2026-53071 Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Add missing chan lock in l2capecredreconfrsp l2capecredreconfrsp calls l2capchandel without holding l2capchanlock. Every other l2capchandel caller in the file acquires the lock first. A remote BLE device can sen...
CVE-2026-53071
CVE-2026-53071 concerns the Linux kernel Bluetooth L2CAP implementation. The flaw arises when l2cap_ecred_reconf_rsp() deletes a channel without holding l2cap_chan_lock(), unlike other callers which acquire the lock first. This can allow a remote BLE device to corrupt the channel list while anoth...
PT-2026-51121
Name of the Vulnerable Software and Affected Versions SpiceDB versions prior to 1.54.0 Description Under concurrency, the CheckPermission and CheckBulkPermissions functions can incorrectly return PERMISSIONSHIP HAS PERMISSION instead of PERMISSIONSHIP CONDITIONAL PERMISSION for a specific resourc...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from the vgicitsinvalidatecache function, which incorrectly places an iteration pointer ...
CVE-2026-45151
NanoMQ (0.24.8 and earlier) contains a NULL substream pointer dereference in quic_stream_recv when a substream is reopening. The vulnerable code finishes AIO with an error but does not return before locking c->mtx, indicating a potential NULL dereference and an unlocked/locked state issue in t...
CVE-2026-46210
In the Linux kernel, the following vulnerability has been resolved: media: iris: fix use-after-free of fmtsrc during MBPF check During concurrency testing, multiple instances can run in parallel, and each instance uses its own inst-lock while the core-lock protects the list of active instances. T...
CVE-2026-43981
CVE-2026-43981 affects Algernon, a small self-contained Go web server. In versions prior to 1.17.6, a race condition exists in engine/luahandler.go: the sync.RWMutex protecting LoadCommonFunctions is released before L.Push() and L.PCall() execute. Since gopher-lua’s LState is not goroutine-safe, ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix for a race condition in devmap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpdevbulkqueue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes that bqenqueue and...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fixed a possible NULL pointer dereferencing caused by driver concurrency. In dwc2hcdurbenqueue, the statement “urb-hcpriv = NULL” is executed without holding the lock “hsotg-lock”. In dwc2hcdurbdequeue: c...
SUSE CVE-2026-43111
In the Linux kernel, the following vulnerability has been resolved: HID: roccat: fix use-after-free in roccatreportevent roccatreportevent iterates over the device-readers list without holding the readerslock. This allows a concurrent roccatrelease to remove and free a reader while it's still bei...
CVE-2026-43143
A flaw was found in the Linux kernel's multi-function device mfd core module. The mfdofnodelist lacked proper locking mechanisms, allowing for unsafe manipulation of the list. This concurrency issue could lead to system crashes, resulting in a Denial of Service DoS...
EUVD-2026-16222
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race C++ UB triggered by an A 1-phase ↔ 3-phase switch request acswitchthreephaseswhilecharging during charging/waiting executes concurrently with the state machine loop. Version 2026.02.0 contains a patch...
SUSE CVE-2026-23369
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpilock with I2C bus lock" This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. Under rare circumstances, multiple udev threads can collect i801 device info on boot and walk...
UBUNTU-CVE-2026-25959
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfcliprdrprovidedata passes freed pDstData to XChangeProperty because the cliprdr channel thread calls xfcliprdrserverformatdataresponse which converts and uses the clipboard data without holding any lock,...
CVE-2026-26201
emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process cra...
CVE-2026-24040 jsPDF has a Shared State Race Condition in addJS Plugin
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable text to store JavaScript content. When used in a concurrent environment e.g., a Node.js web server, this variable is shared across all requests. ...
SUSE CVE-2023-54068
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to call f2fswaitonpagewriteback in f2fswriterawpages BUGON will be triggered when writing files concurrently, because the same page is writtenback multiple times. 1597 void folioendwritebackstruct folio folio...
CVE-2022-50764
The CVE-2022-50764 entry concerns a Linux kernel issue in ipv6/sit where dev->stats.tx_error data-races occur because sit tunnels are NETIF_F_LLTX and not protected by a spinlock. The root cause is multiple CPUs updating tx_error concurrently, with the fix implemented as DEV_STATS_INC() to avo...
CVE-2023-54032
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting quota root from the dirty cow roots list When disabling quotas we are deleting the quota root from the list fsinfo-dirtycowonlyroots without taking the lock that protects it, which is struct...