548 matches found
UBUNTU-CVE-2026-53239
In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...
EUVD-2026-39191
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix use-after-free on firstskb in inputprocesspayload inputprocesspayload stores firstskb into xtfs-ranewskb under droplock when starting partial reassembly, then unlocks and breaks out of the processing loop. The...
CVE-2026-53197
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix ABBA deadlock in iptfsdestroystate iptfsdestroystate calls hrtimercancel while holding a spinlock that the timer callback also acquires, leading to an ABBA deadlock on SMP systems. For the output timer iptfstimer...
CVE-2026-53158 misc: fastrpc: Fix NULL pointer dereference in rpmsg callback
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix NULL pointer dereference in rpmsg callback A NULL pointer dereference was observed on Hawi at boot when the DSP sends a glink message before fastrpcrpmsgprobe has completed initialization: Unable to handle kern...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: Use spinlockirqsave in adjustinuseandcalccost. The adjustinuseandcalccost function uses spinlockirq, and IRQ will be enabled when unlocking. A DEADLOCK may occur if other locks are held and IRQs are disabled before...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: SELinux: The use of both GFPKERNEL and GFPATOMIC in convertcontext was enabled. The following warning was triggered in a hardware environment: SELinux: Converting 162 SID table entries... BUG: The sleeping function was called...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Use spinlock to avoid hangs. 14696.634553 Task: cat State: D Stack: 0 PID:1613738 PPID:1613735 Flags:0x00000004 14696.638285 Call Trace: 14696.639038 14696.640032 schedule+0x302/0x930 14696.640969 schedule+0x58/0xd0...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RISCV: Fixed a race condition when vmap stack overflow occurs. Currently, when detecting vmap stack overflow, RISCV first switches to the so-called shadow stack, and then uses this shadow stack to call getoverflowstack, in order ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the isotprcv function, there is a potential issue where race conditions may occur during CAN frame reception. When receiving a CAN frame, the current code logic does not take into account processes that are not actually runnin...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rustbinder: The spinlock call in rustshrinkfreepage has been removed. When porting Rust Binder to version 6.18, I overlooked including the commit fb56fdf8b9a2 “mm/listlru: split the lock to per-cgroup scope” in the consideration...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: Do not enable IRQ from syncprintobj. Since the commit a6aa8fca4d79 “dma-buf/sw-sync: Reduce irqsave/irqrestore from known context” was made, it accidentally replaced spinunlockirqrestore with spinunlockirq for bo...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgrlock The smpcallfunction always runs its callback in a hard IRQ context, even when running under PREEMPTRT, where spinlocks may be in a sleeping state. Therefore, we need to use a raw...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: ufs: core: mcq: Fix for the deadlock issue caused by &hwq-cqlock When the ufscdhandler function is executed, the CQ event interrupt may enter a waiting state for the same lock. This can occur in ufscdhandlemcqcqevents an...
UBUNTU-CVE-2026-46298
In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix race with interrupt handler While executing -ioctl handler or -release handler, if an interrupt fires on the same cpu, then we can enter into a deadlock. This patch fixes both these handlers to take...
CVE-2026-46298
CVE-2026-46298 : In the Linux kernel, a race during ioctl or release handling on pseries/papr-hvpipe could deadlock if an interrupt fires on the same CPU. The fix makes the affected lock usage use spin_lock_irqsave/restore to prevent the deadlock. The issue is resolved by the patch in the cited s...
PT-2026-47370
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.12-1.1 Description A race condition exists in the pseries/papr-hvpipe component. A deadlock can occur if an interrupt fires on the same CPU whi...
CVE-2025-58707
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...
CVE-2025-58707
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...
EUVD-2025-210039
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...
CVE-2025-58707
The CVE-2025-58707 issue is a Local File Inclusion vulnerability in the WordPress Spin theme (Spin) versions up to 1.8. It arises from improper handling of filenames for include/require statements in a PHP program, enabling PHP LFI. Affected product: Axiomthemes Spin (WordPress Spin theme