kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers

A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...

Concurrent Ruby - ReadWriteLock allows wrong-thread write release and stray read-release counter corruption

Summary Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still...

CVE-2026-46056

A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...

CVE-2026-45977

The CVE-2026-45977 issue affects the Linux kernel fbnic driver. A race in handling firmware logs can cause a use‑after‑free: fw_log is written in fbnic_fw_log_write() and can be accessed from the mailbox handler fbnic_fw_msix_intr(), but the log data is freed during IRQ/MBX teardown, potentially ...

@sveltejs/kit: `query.batch` cross-talk

query.batch could, under very rare and specific timings, cause concurrent requests from different users to merge and resolve under single request context, enabling cross-user data disclosure...

CVE-2026-42002

Concurrency and locking defects in GSS-TSIG...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: prevented races in -queryinterfaces It was possible for two query interfaces to simultaneously attempt to update the interfaces. This issue can be avoided by checking and updating ifacelastupdate under ifacelock...

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

CVE-2026-43484

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...

CVE-2026-43484 mmc: core: Avoid bitfield RMW for claim/retune flags

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

Parse Server 竞争条件问题漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were vulnerabilities due to concurrency issues in versions of Parse Server prior to 8.6.76 and 9.9.0-alpha.2. These vulnerabilities stemmed from concurrency...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: The issue was fixed in the concurrently setting of insnemulation sysctls. The emulationprochandler function changes table-data for procdointvecminmax. However, it may cause an OOPs error if called concurrently with itself:...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: Fixed the issue where f2fswaitonpagewriteback was called in f2fswriterawpages. A BUG will be triggered when writing files concurrently, because the same page may be written back multiple times. The bug occurs at...

CVE-2026-31592

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine subsystem. A local user could exploit a concurrency issue by failing to properly protect the sevmemencregisterregion function with the kvm-lock. This can lead to an unstable state if KVM initialization fails, resulting in a...

DEBIAN-CVE-2026-31551

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix staticbranchdec underflow for aqldisable. syzbot reported staticbranchdec underflow in aqlenablewrite. 0 The problem is that aqlenablewrite does not serialise concurrent writes to the debugfs. aqlenablewrite...

CVE-2026-40943 Oxia: Server crash via race condition in session heartbeat handling

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

PT-2026-32345

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the bond xmit broadcast function. The function reuses the original socket buffer skb for the last slave and clones it for others. However, concurrent sla...

freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event

A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...

CVE-2025-47374

Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling...