CVE-2026-23014 perf: Ensure swevent hrtimer is properly destroyed

In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimertrytocancel in perfsweventcancelhrtimer it appears possible for the hrtimer to still be active by the time the event gets freed. Make sure the event doe...

PT-2026-5128

In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer try to cancel in perf swevent cancel hrtimer it appears possible for the hrtimer to still be active by the time the event gets freed. Make sure the eve...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005073)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005073 advisory. In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdttrigger When the cpu5wdt module is...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005184)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005184 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005037)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005037 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of sndseqtimeropen The timer instance per queue is exclusive, and...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005134)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005134 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4fillsuper Th...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005125)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005125 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: cevt-r4k: Don't call getc0compareint if timer irq is installed This avoids warning: 0.11805...

SUSE CVE-2026-22997

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939xtprxrtssessionactive: deactivate session upon receiving the second rts Since j1939sessiondeactivateactivatenext in j1939tprxtimer is called only when the timer is enabled, we need to call...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004957)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004957 advisory. In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel If an exiting...

CVE-2026-22997

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939xtprxrtssessionactive: deactivate session upon receiving the second rts Since j1939sessiondeactivateactivatenext in j1939tprxtimer is called only when the timer is enabled, we need to call...

UBUNTU-CVE-2026-22997

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939xtprxrtssessionactive: deactivate session upon receiving the second rts Since j1939sessiondeactivateactivatenext in j1939tprxtimer is called only when the timer is enabled, we need to call...

CVE-2026-22997

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939xtprxrtssessionactive: deactivate session upon receiving the second rts Since j1939sessiondeactivateactivatenext in j1939tprxtimer is called only when the timer is enabled, we need to call...

EUVD-2026-4637

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939xtprxrtssessionactive: deactivate session upon receiving the second rts Since j1939sessiondeactivateactivatenext in j1939tprxtimer is called only when the timer is enabled, we need to call...

CVE-2026-22997 net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939xtprxrtssessionactive: deactivate session upon receiving the second rts Since j1939sessiondeactivateactivatenext in j1939tprxtimer is called only when the timer is enabled, we need to call...

CVE-2026-22997

The CVE-2026-22997 issue affects the Linux kernel CAN/J1939 subsystem. The root cause is that j1939_session_deactivate_activate_next() is only invoked in j1939_tp_rxtimer() when the timer is enabled, allowing a refcount leak if the timer is cancelled without calling the function. This can lead to...

OESA-2026-1231 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg When executing SMP task failed, the smpexecutetasksg calls deltimer to delete "slowtask-timer". However,...

SUSE-SU-2026:0263-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault bsc1254785. - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer bsc1255576. -...

Azure Linux 3.0 Security Update: kernel (CVE-2024-42239)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42239 advisory. - In the Linux kernel, the following vulnerability has been resolved: bpf: Fail bpftimercancel when callback ...

Azure Linux 3.0 Security Update: kernel (CVE-2024-49960)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49960 advisory. - In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed...

Gitea security vulnerabilities

Gitea is a lightweight Git service developed using Go language in the Gitea community. There is a security vulnerability in Gitea, which stems from the fact that the second timer API does not re-verify repository access permissions. This allows users to still view the problem title and repository...