71 matches found
CVE-2026-46170
A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. When an ADDADDR message is retransmitted, an issue in socket sk reference counting can prevent the socket from being properly freed. This improper resource management may lead to a Denial of Service DoS condition, where th...
PT-2026-44293
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD ADDR rtx: free sk if last When an ADD ADDR is retransmitted, the sk is held in sk reset timer, and released at the end. If at that moment, it was the last reference being held, the sk would not be freed. sock put...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: atm: nicstar: Fixed a possible use-after-free in nicstarcleanup The remove path of this module calls deltimer. However, that function does not wait until the timer handler is finished. This means that the timer handler may still ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Drivers: Staging: rtl8192eu: Fixed a deadlock in rtwjoinbsseventprehandle There is a deadlock in rtwjoinbsseventprehandle, as shown below: Thread 1 | Thread 2 | settimer rtwjoinbsseventprehandle | modtimer spinlockbh //1 | Wait f...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsllpuart: fixed a race condition during RX DMA shutdown. From time to time, DMA completion can occur mid-way through the DMA shutdown process: : lpuart32shutdown lpuartdmashutdown deltimersync lpuartdmarxcomplete...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Drivers: USB: Host: Fixed a deadlock in oxubussuspend There is a deadlock in oxubussuspend, as shown below: Thread 1 | Thread 2 | timeraction oxubussuspend | modtimer spinlockirq //1 | Wait for a while ... | oxuwatchdog...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fixed a use-after-free bug in smpexecutetasksg When executing an SMP task fails, the smpexecutetasksg function calls deltimer to delete the “slowtask-timer” timer. However, if the timer handler sastaskinternaltimedo...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Drivers: Staging: rtl8192u: Fixed a deadlock in ieee80211beaconsstop There is a deadlock in ieee80211beaconsstop, as shown below: Thread 1 | Thread 2 | ieee80211sendbeacon ieee80211beaconsstop | modtimer spinlockirqsave //1 | Wai...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: TCP: Properly terminate timers for kernel sockets We received various reports from syzbot regarding TCP timers being fired after the corresponding netns has been dismantled. Fortunately, Josef Bacik was able to trigger this issue...
Astra Linux - уязвимость в linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: media: netupunidvb: fix use-after-free at deltimer When the Universal DVB card is being detached, netupunidvbdmafini uses deltimer to stop the dma-timeout timer. However, when the timer handler netupunidvbdmatimeout is running,...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013160)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013160 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidpsessionthread There is a potential race condition in...
CVE-2026-23281
A flaw was found in the Linux kernel's Marvell Libertas Wi-Fi driver. This vulnerability, a use-after-free, occurs because the system does not properly synchronize the freeing of memory with ongoing timer operations. If a timer attempts to access resources after they have been released, it can le...
CVE-2026-23281
In CVE-2026-23281, the Linux kernel Libertus wifi driver (lbs_free_adapter) uses non‑synchronous timer_delete() for command_timer and tx_lockup_timer, risking use‑after‑free if a timer callback runs during free. The callbacks (lbs_cmd_timeout_handler, lbs_tx_lockup_handler) access freed fields, c...
PT-2026-27646
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s wifi subsystem, specifically within the libertas driver. The lbs free adapter function incorrectly uses timer delete instead of timer delete sync for...
CVE-2023-54120
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidpsessionthread There is a potential race condition in hidpsessionthread that may lead to use-after-free. For instance, the timer is active while hidpdeltimer is called in hidpsessionthread. Aft...
CVE-2023-54120 Bluetooth: Fix race condition in hidp_session_thread
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidpsessionthread There is a potential race condition in hidpsessionthread that may lead to use-after-free. For instance, the timer is active while hidpdeltimer is called in hidpsessionthread. Aft...
CVE-2022-50697 mrp: introduce active flags to prevent UAF when applicant uninit
In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of deltimersync must prevent restarting of the timer, If we have no this synchronization, there is a small probability that the cancellation will not be...
CVE-2022-50697
CVE-2022-50697 affects the Linux kernel and relates to a race in timer cancellation that could lead to a use-after-free (UAF). The issue stems from a lack of synchronization when del_timer_sync is involved, with a syzbot crash trace showing a KASAN use-after-free in hlist_add_head and enqueue_tim...
PT-2025-53197
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists within the hidp session thread function, potentially leading to a use-after-free issue. Specifically, the timer may remain active while hidp del timer is invoked...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991131)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991131 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192u: Fix deadlock in ieee80211beaconsstop There is a deadlock in...