kernel: wifi: rtw88: use work to update rate to avoid RCU warning

A flaw was identified in the Linux kernel’s rtw88 Wi-Fi driver drivers/net/wireless/realtek/rtw88 where the ieee80211ops::starcupdate callback was invoked within a Read-Copy-Update RCU read-side critical section without proper atomicity or deferral. The ieee80211chanbwchange function holds an RCU...

kernel: net/mlx5e: Fix deadlock in tc route query code

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlock in tc route query code Cited commit causes ABBA deadlock0 when peer flows are created while holding the devcom rw semaphore. Due to peer flows offload implementation the lock is taken much higher up the ca...

kernel: rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()

A lockdep warning was found in the Linux kernel's RCU subsystem. The rcuforcequiescentstate function incorrectly uses thiscpuread in preemptible code context. This macro requires preemption to be disabled, but the code can be called from preemptible context during rcutorture testing, triggering a...

kernel: net/mlx5e: Fix deadlock in tc route query code

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlock in tc route query code Cited commit causes ABBA deadlock0 when peer flows are created while holding the devcom rw semaphore. Due to peer flows offload implementation the lock is taken much higher up the ca...

PT-2025-41115

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc1 Description The Linux kernel contains a flaw related to SRCU Sub Read Copy Update. A commit assumed that CPU 0 is always online, but this is not always the case, particularly when booting a kdump kernel...

PT-2025-37562

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL dereference issue was identified and resolved in the Linux kernel's raw get next function. This issue stemmed from parallel execution sequences potentially freeing a socket while...

UBUNTU-CVE-2023-4610

Rejected reason: The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/[email protected] and https://bugzilla.suse.com/showbug.cgi?id=1215932 for more information...

PT-2025-53190

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5.0-rc4-rt2-yocto-preempt-rt+ 15 Description The Linux kernel contained a flaw related to memory information dumping within the RCU Read-Copy-Update subsystem. Specifically, when call rcu was invoked multiple...

SUSE CVE-2023-32246

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call rcubarrier in ksmbdserverexit racy issue is triggered the bug by racing between closing a connection and rmmod. In ksmbd, rcubarrier is not called at module unload time, so nothing prevents ksmbd from getting unloaded...

kernel: mt76: fix use-after-free by removing a non-RCU wcid pointer

A vulnerability was found in the Linux kernel's mt76 wi-fi driver. A concurrency bug causes the mtxq TX queue to maintain a raw pointer to a wcid structure mtxq-wcid that might be freed by the time it is accessed. This issue can lead to a use-after-free scenario, leading to system instability,...

kernel: wifi: mac80211: Fix UAF in ieee80211_scan_rx()

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211scanrx ieee80211scanrx tries to access scanreq-flags after a null check, but a UAF is observed when the scan is completed and ieee80211scancompleted executes, which then calls cfg80211scandone...

kernel: netfilter: nf_tables: netlink notifier might race to release objects

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: netlink notifier might race to release objects commit release path is invoked via callrcu and it runs lockless to release the objects after rcu grace period. The netlink notifier handler might win race to...

kernel: mt76: fix use-after-free by removing a non-RCU wcid pointer

A vulnerability was found in the Linux kernel's mt76 wi-fi driver. A concurrency bug causes the mtxq TX queue to maintain a raw pointer to a wcid structure mtxq-wcid that might be freed by the time it is accessed. This issue can lead to a use-after-free scenario, leading to system instability,...

SUSE CVE-2006-1523

The groupcompletesignal function in the RCU signal handling signal.c in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUGON...

SUSE CVE-2015-1465

The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update RCU grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service memory consumption or system crash via a flood of...

SUSE CVE-2019-19036

btrfsrootnode in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcudereferenceroot-node can be zero...

PT-2023-33146 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue concerns the nvme ns head list in the Linux Kernel, specifically with regards to SRCU protection. The actual impact and potential for attack have not been proven yet...

PT-2025-37672

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.25-android14-5-maybe-dirty-mainline Description The Linux kernel contained an issue where the detection of atomic context was insufficient, potentially leading to problems when z erofs decompressqueue endio w...

kernel: inet: fully convert sk->sk_rx_dst to RCU rules

A use-after-free vulnerability was found in the TCP IP protocol in the Linux Kernel, where a delete operation of the RCU-protected pointer is supposed to clear the pointer before the callrcu/synchronizercu guarding the actual memory freeing. This flaw allows a local attacker to crash the system o...

kernel: inet: fully convert sk->sk_rx_dst to RCU rules

A use-after-free vulnerability was found in the TCP IP protocol in the Linux Kernel, where a delete operation of the RCU-protected pointer is supposed to clear the pointer before the callrcu/synchronizercu guarding the actual memory freeing. This flaw allows a local attacker to crash the system o...