86 matches found
CVE-2026-46223
In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpuref kill on rmdir until cgroup is depopulated A chain of commits going back to v7.0 reworked rmdir to satisfy the controller invariant that a subsystem's -cssoffline must not run while tasks are still doin...
EUVD-2026-32850
In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpuref kill on rmdir until cgroup is depopulated A chain of commits going back to v7.0 reworked rmdir to satisfy the controller invariant that a subsystem's -cssoffline must not run while tasks are still doin...
CVE-2026-46170
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: free sk if last When an ADDADDR is retransmitted, the sk is held in skresettimer, and released at the end. If at that moment, it was the last reference being held, the sk would not be freed. sockput should...
SUSE CVE-2026-46008
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damoswalk vs kdamondfn exit race When kdamondfn main loop is finished, the function cancels remaining damoswalk request and unset the damonctx-kdamond so that API callers and API functions themselves can show t...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ntfs3: fixed a circular locking dependency in rununpackex. Syzbot reported a circular locking dependency between wnd-rwlock sbi-used.bitmap and ni-file.runlock. The deadlock scenario is as follows: 1. ntfsextendmft acquires...
EUVD-2026-28555
In the Linux kernel, the following vulnerability has been resolved: mm/slab: do not access current-memsallowedseq if !allowspin Lockdep complains when getfromanypartial is called in an NMI context, because current-memsallowedseq is seqcountspinlockt and not NMI-safe:...
CVE-2026-43382
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...
CVE-2026-43446
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...
CVE-2026-43382
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...
CVE-2026-43216
Summary of CVE-2026-43216 : In the Linux kernel, skb_may_tx_timestamp() could acquire sock::sk_callback_lock in IRQ context, risking a deadlock if the lock was already write-locked on the same CPU. The fix drops the lock and uses READ_ONCE() / WRITE_ONCE() to safely access and clear the pointers ...
PT-2026-37467
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A circular locking dependency exists in the ntfs3 component, specifically within the run unpack ex function. This issue occurs due to an AB-BA deadlock scenario where ntfs extend mft...
Astra Linux – Vulnerability in Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: i2c: lpi2c: Avoid calling clkgetrate during transfer Instead of repeatedly calling clkgetrate for each transfer, lock the clock rate and cache the value. A deadlock was observed when adding the tlv320aic32x4 audio codec to the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush the async PF workqueue when a vCPU is being destroyed. Whenever a vCPU clears its completion queue, i.e., when a VM and all its vCPUs are being destroyed, the async PF workqueue must always be flushed. KVM must...
Astra Linux – Vulnerability in Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: afbluetooth: Fixed deadlock issue Attempting to use socklock on .recvmsg may cause a deadlock as shown below. Therefore, instead of using socksock, use skreceivequeue.lock on btsockioctl to avoid UAF: INFO: Task...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix multiple LUNRESET handling This fix addresses a bug where the initiator assumes that a LUNRESET has cleaned up running commands, when in fact it hasn’t. The bug was introduced in commit 51ec502a3266 “target:...
CVE-2026-31486
The CVE-2026-31486 entry concerns the Linux kernel hwmon/pmbus/core regulator operations (get_voltage, set_voltage, list_voltage) not being mutex-protected, risking race conditions when accessing PMBus registers and shared data. The fix reworks pmbus_regulator_notify() to perform notifications vi...
Linux Distros Unpatched Vulnerability : CVE-2026-31486
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hwmon: pmbus/core Protect regulator operations with mutex The regulator operations pmbusregulatorgetvoltage, pmbusregulatorsetvoltage, and...
net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
...
CVE-2026-23368
In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy ledtriggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDSTRIGGERNETDEV and LEDTRIGGERPHY are enabled: 1362.049207 ledtriggerregister+0x5c/0x1fc...
CVE-2025-71233
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes. The crash...