UBUNTU-CVE-2026-45898

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing worklist The commit e1168f0 "RDMA/iwcm: Simplify cmeventhandler" changed the work submission logic to unconditionally call queuework with the expectation that queuework would...

UBUNTU-CVE-2026-46075

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path Unregister the hwrng to prevent new -read calls and flush the Atmel I2C workqueue before teardown to prevent a potential UAF if a queued callback runs while...

UBUNTU-CVE-2026-46011

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

UBUNTU-CVE-2026-46047

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Fix use-after-free in driver remove In the remove callback, if a packet arrives after destroyworkqueue is called, but before sockrelease, the qrtrnsdataready callback will try to queue the work, causing...

CVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Fix use-after-free in driver remove In the remove callback, if a packet arrives after destroyworkqueue is called, but before sockrelease, the qrtrnsdataready callback will try to queue the work, causing...

CVE-2026-46047

CVE-2026-46047: In the Linux kernel, net: qrtr: ns use-after-free in driver remove is fixed. The vulnerability arises if a packet arrives after destroy_workqueue() but before sock_release(), causing qrtr_ns_data_ready() to queue a work item that dereferences freed memory. Root and distro advisori...

EUVD-2026-32429

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Fix use-after-free in driver remove In the remove callback, if a packet arrives after destroyworkqueue is called, but before sockrelease, the qrtrnsdataready callback will try to queue the work, causing...

CVE-2026-46011 media: mtk-jpeg: fix use-after-free in release path due to uncancelled work

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

EUVD-2026-32308

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

CVE-2026-45898

The CVE-2026-45898 issue affects the Linux kernel’s RDMA/iwcm component, where flawed work submission logic could cause queue_work() to queue items that are still live, enabling a work item to be processed and freed while still on the workqueue and triggering list corruption. The root cause is th...

CVE-2026-45898

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing worklist The commit e1168f0 "RDMA/iwcm: Simplify cmeventhandler" changed the work submission logic to unconditionally call queuework with the expectation that queuework would...

CVE-2026-45898

RDMA/iwcm: Fix workqueue list corruption by removing worklist...

PT-2026-43765

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA/iwcm component where the work submission logic unconditionally calls queue work. Because a free list of struct iwcm work is used, each call to queue work is...

PT-2026-43914

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the QRTR nameservice driver during the remove process. If a packet arrives after destroy workqueue is called but before sock release, the qrtr ns data...

PT-2026-43878

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the mtk jpeg release function. The function frees the context structure ctx without cancelling pending or running work in ctx-jpeg work. This creates a race...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: power:supply:max77705: Fixed the error handling in the probe function related to the workqueue. The createsinglethreadworkqueue function no longer returns error pointers; instead, it returns NULL. Additionally, the workqueue was...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Lag, fix failure to cancel delayed bond work The commit 0d4e8ed139d8 “net/mlx5: Lag, avoid lockdep warnings” accidentally removed a call to cancel delayed bond work. This may cause queued delays to expire and affect wor...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Check the scheduler work queue before calling timeout handling During an IGT GPU reset test, we still encounter an oops error, despite the commit 0c8c901aaaebc9 drm/sched: Check the scheduler ready before calling timeo...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Converted spinlock to mutex to lock the evlworkqueue. drainworkqueue cannot be called safely in a spinlocked context due to possible task rescheduling. In the multi-task scenario, calling queuework while...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: nbd: Fixed NULL pointer in flushworkqueue Open /dev/nbdX first; the configrefs will be 1, and the pointers in nbddevice remain null. Disconnect /dev/nbdX, then reference a NULL recvworkq. The protection provided by configrefs ...