EUVD-2026-38858

In the Linux kernel, the following vulnerability has been resolved: fsnotify: fix inode reference leak in fsnotifyrecalcmask fsnotifyrecalcmask fails to handle the return value of fsnotifyrecalcmask, which may return an inode pointer that needs to be released via fsnotifydropobject when the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/afunix: Defer the garbage collection of registered files to iouring’s responsibility. Instead of having unixgc handle the registered files of iouring, we want iouring to handle them itself. The key here is to consider the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fixed incorrect page reference counting. The kTLS transaction handling code uses a combination of getpage and pagerefinc APIs to increment page references. However, in the release path...

media: mtk-jpeg: fix use-after-free in release path due to uncancelled work

...

SUSE CVE-2026-46011

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

CVE-2026-46051

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix soft lockup in retryalignedread When retryalignedread encounters an overlapped stripe, it releases the stripe via raid5releasestripe which puts it on the lockless releasedstripes llist. In the next raid5d loop...

CVE-2026-46011

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

UBUNTU-CVE-2026-46011

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

EUVD-2026-32308

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

CVE-2026-46011 media: mtk-jpeg: fix use-after-free in release path due to uncancelled work

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

CVE-2026-46011

Summary (CVE-2026-46011, Linux kernel, media: mtk-jpeg): A use-after-free in the mtk-jpeg driver arises when the release path frees the context (ctx) without cancelling pending/running work in ctx->jpeg_work, creating a race with the workqueue accessing freed memory. The race occurs during clo...

CVE-2026-46011

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

CVE-2026-46011

media: mtk-jpeg: fix use-after-free in release path due to uncancelled work...

PT-2026-43878

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the mtk jpeg release function. The function frees the context structure ctx without cancelling pending or running work in ctx-jpeg work. This creates a race...

SUSE CVE-2026-43128

In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix double dmabufunpin in failure path In ibumemdmabufgetpinnedwithdmadevice, the call to ibumemdmabufmappages can fail. If this occurs, the dmabuf is immediately unpinned but the umemdmabuf-pinned flag is still set...

EUVD-2026-27691

In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix double dmabufunpin in failure path In ibumemdmabufgetpinnedwithdmadevice, the call to ibumemdmabufmappages can fail. If this occurs, the dmabuf is immediately unpinned but the umemdmabuf-pinned flag is still set...

CVE-2026-43128

Summary: CVE-2026-43128 affects the Linux kernel RDMA/umem subsystem. In ib_umem_dmabuf_get_pinned_with_dma_device(), if ib_umem_dmabuf_map_pages() fails, the code previously unpinned the dmabuf immediately while the umem_dmabuf->pinned flag remained set, causing a potential double dma_buf_unp...

EUVD-2026-26566

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix NULL dereference in linedisprelease linedisprelease currently retrieves the enclosing struct linedisp via tolinedisp. That lookup depends on the attachment list, but the attachment may already have...

CVE-2026-31576

In the Linux kernel, the following vulnerability has been resolved: media: hackrf: fix to not free memory after the device is registered in hackrfprobe In hackrf driver, the following race condition occurs: CPU0 CPU1 hackrfprobe kzalloc; // alloc hackrfdev .... v4l2deviceregister; .... fd =...

CVE-2026-31584

CVE-2026-31584 - Linux kernel (MediaTek vcodec) use-after-free in encoder release path : The fops_vcodec_release() frees the context (ctx) without cancelling or synchronizing pending/running encode work, allowing the mtk_venc_worker to dereference freed ctx. Root cause: v4l2_m2m_ctx_release() wai...