3901 matches found
CVE-2023-54067
CVE-2023-54067 concerns a race in the Linux kernel’s Btrfs code. The vulnerability arises when deleting the free space root from the dirty_cowonly_roots list without holding the trans_lock, allowing concurrent manipulations (e.g., adding a root via add_root_to_dirty_list) to interleave with the d...
CVE-2022-50726 net/mlx5: Fix possible use-after-free in async command interface
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix possible use-after-free in async command interface. mlx5_cmd_cleanup_async_ctx should return only after all its callback handlers were completed. Before this patch, the below race between mlx5_cmd_cleanup_async_ctx and...
CVE-2022-50726
In CVE-2022-50726, the Linux kernel mlx5 async command interface had a use-after-free caused by a race between mlx5_cmd_cleanup_async_ctx and mlx5_cmd_exec_cb_handler. The patch fixes this by using a completion object and completing when num_inflight reaches 0, ensuring cleanup only after all in-...
CVE-2023-53998
CVE-2023-53998: Linux kernel virtio RNG (hwrng) data_race between writer and reader in data_avail; fix uses smp_store_release on data_avail and smp_load_acquire on first read, with safe subsequent reads. Also removes redundant zeroing of data_idx in random_recv_done and data_avail in request_entr...
CVE-2022-50697 mrp: introduce active flags to prevent UAF when applicant uninit
In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit. The caller of del_timer_sync must prevent restarting of the timer. If we do not have this synchronization, there is a small probability that the cancellation will not be...
CVE-2022-50697
CVE-2022-50697 affects the Linux kernel and relates to a race in timer cancellation that could lead to a use-after-free (UAF). The issue stems from a lack of synchronization when del_timer_sync is involved, with a syzbot crash trace showing a KASAN use-after-free in hlist_add_head and enqueue_tim...
PT-2025-52989
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.4.0-rc6-btrfs-next-134+. Description: The Linux kernel contains a flaw in the btrfs file system related to race conditions when deleting quota roots from the dirty cow roots list. Specifically, when disabling...
PT-2025-52955
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A race condition exists in the virtio random number generator rng device when handling entropy requests and data availability. Specifically, the issue occurs when a new request is...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of synchronization mechanisms that could lead to a use-after-free...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ice driver not properly synchronizing the VSI configuration during a reload, which could lead to null...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from questionable RCU usage and could lead to synchronization issues...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition that could cause synchronization points to remain in the cleanup when they are...
PT-2025-53197
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A race condition exists within the hidp session thread function, potentially leading to a use-after-free issue. Specifically, the timer may remain active while hidp del timer is invoked...
CLSA-2025-1766502382 keylime: Fix of CVE-2025-13609
CVE-2025-13609: enforce TPM identity immutability for agent UUIDs in registrar, add shared memory for multiprocess synchronization...
ROS-20251223-7314
A vulnerability in the Snapshot/Restore commands of the AdminServer component of the centralized service for maintaining configuration information, naming, providing distributed synchronization, and provisioning Apache ZooKeeper group services is related to incorrect handling of insufficient...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from a synchronization external abort, which could lead to a synchronization external abort error when unbinding...
Quest Coexistence Manager for Notes security vulnerability
Quest Coexistence Manager for Notes is a data synchronization software from Quest USA. A security vulnerability exists in Quest Coexistence Manager for Notes, which stems from an inconsistent HTTP request/response interpretation that could lead to an HTTP request smuggling attack...
PT-2025-52252
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A use-after-free issue exists in the Linux kernel related to the SCSI subsystem and the IMM Integrated Microcode Module parallel port SCSI host adapter. The problem occurs because a...
ROS-20251217-7307
A vulnerability in the Graphics component of Mozilla Firefox and Firefox ESR browsers is related to synchronization errors when using a shared resource (a race condition). Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...