1988 matches found
EUVD-2026-38876
In the Linux kernel, the following vulnerability has been resolved: ice: fix race condition in TX timestamp ring cleanup Fix a race condition between icefreetxtstampring and icetxmap that can cause a NULL pointer dereference. icefreetxtstampring currently clears the ICETXFLAGSTXTIME flag after...
EUVD-2026-38926
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomicenable In case if we get errors in cdnsmhdplinkup or cdnsmhdpregread in atomicenable, we will go to cdnsmhdpmodesetretryfn and will hit NULL pointer...
CVE-2026-54904
Technical details for CVE-2026-54904 are not publicly available in the provided documents. No affected versions, root cause, or fixes are described beyond the initial entry. Monitor for updates.
CVE-2026-52939
Linux kernel vulnerability CVE-2026-52939 affects RDS over InfiniBand. A NULL dereference can occur in rds_ib_send_cqe_handler() when handling masked atomic completions, due to rds_ib_send_unmap_op() not covering masked opcodes. The issue occurs because masked atomic opcodes (IB_WR_MASKED_ATOMIC_...
CVE-2026-52939
In the Linux kernel, the following vulnerability has been resolved: n...
EUVD-2026-38709
In the Linux kernel, the following vulnerability has been resolved: net/rds: fix NULL deref in rdsibsendcqehandler on masked atomic completion rdsibxmitatomic always programs a masked atomic opcode IBWRMASKEDATOMICCMPANDSWP or IBWRMASKEDATOMICFETCHANDADD for every RDS atomic cmsg. But the...
EUVD-2026-38722
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix tpmeter counter underflow during shutdown batadvtpsendershutdown unconditionally decrements the "sending" atomic counter. If multiple paths e.g. timeout, user cancel, and normal finish call this function, the...
Concurrent Ruby : `AtomicReference#update` livelocks when the stored value is `Float::NAN`
Summary Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between: - AtomicReferenceupdate, which retries until compareandsetoldvalue, newvalue succeeds. - Numeric compareandset, which checks old ==...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the AtomicReferenceupdate function when the current value is Float::NAN. An attacker can cause indefinite busy retry loops and CPU exhaustion by supplying malicious numeric data. Remediation Upgrade concurrent-ruby to...
GHSA-H8W8-99G7-QMVJ Concurrent Ruby : `AtomicReference#update` livelocks when the stored value is `Float::NAN`
Summary Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between: - AtomicReferenceupdate, which retries until compareandsetoldvalue, newvalue succeeds. - Numeric compareandset, which checks old ==...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/i915: The issue of NULL pointer dereferencing was fixed by checking newcrtcstate. intelatomicgetnewcrtcstate may return NULL, unless the crtc state was obtained previously using intelatomicgetcrtcstate. Therefore, we must che...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed scheduling issues during atomic decompression operations 16.945668 C0 Call trace: 16.945678 C0 dumpbacktrace+0x110/0x204 16.945706 C0 dumpstacklvl+0x84/0xbc 16.945735 C0 schedulebug+0xb8/0x1ac 16.945756 C0...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Errors in error pointers were fixed in dpuplanevirtualatomiccheck. The function dpuplanevirtualatomiccheck was referencing pointers returned by drmatomicgetplanestate, without checking for errors. This could lead to...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: uio: uiodmemgenirq: Fixed an issue where the unlock operation was missed in irq configuration. The commit b74351287d4b “uio: fixed a bug in uiodmemgenirqirqcontrol”. corrected the code so that disableirq was called without...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: Fixed a null pointer panic in the tracepoint of replaceatomicwriteblock. A kernel panic occurs when oldaddr is NULL. https://bugzilla.kernel.org/showbug.cgi?id=217266 BUG: Null pointer dereferencing in the kernel; address:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: add a check for dpuplaneatomicprintstate to prevent invalid sspp values. Similar to the rpipe sspp protection, a check is added to prevent printing of the pipe’s state in a way that could lead to a NULL pointer...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/cma: Fixed a listener leak in the rdmacmalistenonall function when it fails. If the cmalistenonall function fails, the per-device ID remains in the listenlist, but the state is not set to RDMACMADDRBOUND. When the CMID is...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: IB/mad: Do not call to functions that might sleep while in atomic context. Tracepoints are not allowed to sleep. As a result, the following error is generated due to a call to ibquerypkey in atomic context. WARNING: CPU: 0 PID:...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel before version 6.4.5, the file driver/gpu/drm/drmatomic.c contained a use-after-free during a race condition between a nonblocking atomic commit and a driver unloading process...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ice: Do not double-unplug the aux device during a peer-initiated reset. In the IDC callback that is called when aux drivers request a reset, the function to unplug the aux devices is executed. This function is also called in the...