1060 matches found
CVE-2026-53157 net: phonet: free phonet_device after RCU grace period
In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonetdevice after RCU grace period phonetdevicedestroy removes a phonetdevice from the per-net device list with listdelrcu, but frees it immediately. RCU readers walking the same list can still hold a pointer t...
PT-2026-52342
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk eth soc: Fix use-after-free in metadata dst teardown mtk free dev calls metadata dst free which frees the metadata dst with kfree immediately, bypassing the RCU grace period. In the RX path, skb dst set noref...
EUVD-2026-38815
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtrportremove In qrtrportremove, the socket reference count is decremented via sockput before the port is removed from the qrtrports XArray and before the RCU grace period...
CVE-2026-53128
In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbdadmdumpdevices Make drbdadmdumpdevices call rcureadlock before rcureadunlock is called. This has been detected by the Clang thread-safety analyzer...
CVE-2026-53096
In the Linux kernel, the following vulnerability has been resolved: bpf: Use RCU-safe iteration in devmapredirectmulti SKB path The DEVMAPHASH branch in devmapredirectmulti uses hlistforeachentrysafe to iterate hash buckets, but this function runs under RCU protection called from...
CVE-2026-52975
In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...
EUVD-2026-38996
In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbdadmdumpdevices Make drbdadmdumpdevices call rcureadlock before rcureadunlock is called. This has been detected by the Clang thread-safety analyzer...
CVE-2026-53128
CVE-2026-53128 affects the Linux kernel DRBD path, specifically drbd_adm_dump_devices(). The root cause is that rcu_read_lock() was not held across the RCU read section before rcu_read_unlock(), as flagged by the Clang thread-safety analyzer. The CVE is tracked in OSV and Debian advisories, with ...
EUVD-2026-38974
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not allow deleting local storage in NMI Currently, local storage may deadlock when deferring freeing selem or local storage through kfreercu, callrcu or callrcutaskstrace in NMI or reentrant. Since deleting selem in NMI i...
CVE-2026-53106
CVE-2026-53106 affects the Linux kernel BPF storage deletion flow. The issue arises when local storage is freed via kfree_rcu(), call_rcu(), or call_rcu_tasks_trace() in NMI or reentrant contexts, which can lead to a deadlock. The documented mitigation in NMI is to return an error from bpf_xxx_st...
CVE-2026-53096
CVE-2026-53096 affects Linux kernel code path in BPF dev_map_redirect_multi() where DEVMAP_HASH uses hlist_for_each_entry_safe() under RCU protection. The function iterates hash buckets without rcu_dereference(), exposing risk of partially constructed nodes on weakly-ordered architectures (ARM64,...
CVE-2026-53096 bpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB path
In the Linux kernel, the following vulnerability has been resolved: bpf: Use RCU-safe iteration in devmapredirectmulti SKB path The DEVMAPHASH branch in devmapredirectmulti uses hlistforeachentrysafe to iterate hash buckets, but this function runs under RCU protection called from...
CVE-2026-53011
The CVE-2026-53011 issue affects the Linux kernel net/sched taprio code. In advance_sched(), when should_change_schedules() is true, switch_schedules() promotes the admin schedule to oper and queues the old oper for RCU freeing, but next may still point into the old oper. The subsequent end_time ...
CVE-2026-52975 bonding: 3ad: implement proper RCU rules for port->aggregator
In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...
CVE-2026-52975
In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...
CVE-2026-52947 net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtrportremove In qrtrportremove, the socket reference count is decremented via sockput before the port is removed from the qrtrports XArray and before the RCU grace period...
CVE-2026-52946
Summary of CVE-2026-52946 (Linux kernel) Root cause: A SOFTIRQ-unsafe lock order deadlock occurs in fasync signaling for process groups when signals are delivered. Specifically, send_sigio() and send_sigurg() traverse the task list under read_lock(&tasklist_lock) from softirq context, which can d...
CVE-2026-52946 fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling
In the Linux kernel, the following vulnerability has been resolved: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in sendsigio and sendsigurg when a process group receives a signal. When FASYNC is configured for a proces...
UBUNTU-CVE-2026-52938
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL pointer dereference in bpfskstorageclone and diag paths bpfselemunlinknofail sets SDATAselem-smap to NULL before removing the selem from the storage hlist. A concurrent RCU reader in bpfskstorageclone can observe th...
EUVD-2026-38728
In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent call to netdevmasterupperdevgetrcu will return a VRF device. They then...