138 matches found
UBUNTU-CVE-2026-53341
In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked -mntns read in maydecodefh maydecodefh accesses mount::mntns without holding any locks; that means the mount can concurrently be unmounted, and the mntnamespace can concurrently be freed after an...
EUVD-2026-40975
In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked -mntns read in maydecodefh maydecodefh accesses mount::mntns without holding any locks; that means the mount can concurrently be unmounted, and the mntnamespace can concurrently be freed after an...
Linux Distros Unpatched Vulnerability : CVE-2026-52946
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in sendsigio and sendsigurg when a...
EUVD-2026-38814
In the Linux kernel, the following vulnerability has been resolved: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in sendsigio and sendsigurg when a process group receives a signal. When FASYNC is configured for a proces...
CVE-2026-52946
In the Linux kernel, the following vulnerability has been resolved: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in sendsigio and sendsigurg when a process group receives a signal. When FASYNC is configured for a proces...
PT-2026-51990
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF subsystem where the DEVMAP HASH branch in the dev map redirect multi function uses hlist for each entry safe to iterate through hash buckets. This function is...
PT-2026-51840
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur in the send sigio and send sigurg functions when a process group receives a signal. This happens because these functions use read lock&tasklist lock to traverse the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: The issue related to “slab-use-after-free” in inetlookupestablished has been fixed. The lookups in the ehash table are performed without locking, and they rely on SLABTYPESAFEBYRCU to ensure the stability of socket memory...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: NFS/localio: Fixed a race condition in nfslocalopenfh Once the clp-cluuid.lock is dropped, another CPU may come in and free the structnfsdfile that was just added. To prevent this from happening, take the RCU read lock before...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: Fixed the issue where xasretry was missing in the fscache mode. The xarray iteration only holds the RCU read lock; therefore, an XARETRYENTRY may be encountered if a process modifies the xarray concurrently. This would lea...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed the issue where the timer for starting a call race against the destruction of the call occurred. The rxrpccall structure contains a timer used to handle various timed events related to calls. This timer can be...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for missing rcu protection. When removing the rcureadlock from bondethtoolgettsinfo, I didn’t realize that it could also be called via setsockopt, which does not hold a rcu lock. As pointed out by syzbot: Stack trace...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mctp: Route lookups now perform under a RCU read-side lock. Our current route lookups mctproutelookup and mctproutelookupnull traverse the network’s route list without holding the RCU read lock. This means that the route lookups...
Astra Linux – Vulnerabilities in Linux, Linux-6.1, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: BPF: Check rcureadlockTraceheld before calling BPF map helpers. These three BPFmaplookup,update,deleteelem helpers are also available for sleepable BPF programs. Therefore, add the corresponding lock assertion for sleepable BP...
CVE-2026-46319
In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...
CVE-2026-46319 net/sched: act_ct: Only release RCU read lock after ct_ft
In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...
EUVD-2026-35409
In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...
kernel: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld in bpfmaplookuppercpuelem bpfmaplookuppercpuelem helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpfmaplookuppercpuelem will not be inlined. Using...
CVE-2026-43016
The CVE-2026-43016 entries describe a use-after-free in the Linux kernel BPF sockmap path (sockmap) affecting AF_UNIX sockets. The issue occurs in sk_psock_verdict_data_ready(), when the peer’s sk_socket may be freed after an RCU grace period, while the sender holds the peer’s refcount. The root ...
CVE-2026-31669
The CVE-2026-31669 entry pertains to the Linux kernel MPTCP code. A use-after-free could occur in IPv6 subflow sockets due to premature copying of tcpv6_prot into tcpv6_prot_override during early init, before proto_register(&tcpv6_prot) and its SLAB_TYPESAFE_BY_RCU cache is established. Consequen...