PT-2026-46987

Summary SAML.getSession internal/pkg/auth/interceptor/saml.go checks the Used flag on a SAMLAssertion resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same saml-session token can both observe Used =...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fixed the race condition between the scrub and refill paths. The iozcrxputniovuref function uses a non-atomic check-then-decrement pattern atomicread followed by an atomicdec to manipulate userrefs. This pattern is...

CVE-2026-43199

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5eipsecinitmacs by replacing mlx5querymacaddress with etheraddrcopy to get the local MAC address directly from...

CVE-2026-43121

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userref race between scrub and refill paths The iozcrxputniovuref function uses a non-atomic check-then-decrement pattern atomicread followed by separate atomicdec to manipulate userrefs. This is serialized...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: x86 – Mark the target gfn of the emulated atomic instruction as dirty When emulating an atomic access on behalf of the guest, mark the target gfn as dirty if the CMPXCHG instruction attempts to be executed and fails without ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race conditions in allocslabobjexts. If two competing threads enter allocslabobjexts, and one of them fails to allocate the object extension vector, it may override the valid slab-objexts allocated by the other thread...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Returns a CQE error if an invalid lkey is provided. RXE fails to update the WQE status in cases of LOCALwrite failures. This caused the following kernel panic if someone performed an atomic operation with an explicit...

UBUNTU-CVE-2025-68732

In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix race in syncpt alloc/free Fix race condition between host1xsyncptalloc and host1xsyncptput by using krefputmutex instead of krefput + manual mutex locking. This ensures no thread can acquire the syncptmutex after...

CVE-2025-40348

In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race on slab-objexts in allocslabobjexts If two competing threads enter allocslabobjexts and one of them fails to allocate the object extension vector, it might override the valid slab-objexts allocated by the other...

PT-2025-51564

In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race on slab-obj exts in alloc slab obj exts If two competing threads enter alloc slab obj exts and one of them fails to allocate the object extension vector, it might override the valid slab-obj exts allocated by the...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: rose: The use field in the struct roseneigh structure is used as a reference counter, but it lacks atomicity. This can lead to race conditions, where a roseneigh structure is freed while still being referenced by other code...

EUVD-2022-53413

Malicious code in bioql PyPI...

CVE-2023-53262 f2fs: fix scheduling while atomic in decompression path

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix scheduling while atomic in decompression path 16.945668 C0 Call trace: 16.945678 C0 dumpbacktrace+0x110/0x204 16.945706 C0 dumpstacklvl+0x84/0xbc 16.945735 C0 schedulebug+0xb8/0x1ac 16.945756 C0 schedule+0x724/0xbdc...

mptcp: make fallback action and fallback decision atomic

...

Shopware 6.6.10.4 Race Condition

A race condition exists within the voucher system of the Shopware Core. Successful exploitation of this vulnerability allows an attacker to bypass voucher usage limits during the checkout process. This vulnerability exists due to the fact that validation of voucher codes is not an atomic operatio...

SUSE CVE-2025-38491

In the Linux kernel, the following vulnerability has been resolved: mptcp: make fallback action and fallback decision atomic Syzkaller reported the following splat: WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcpdofallback net/mptcp/protocol.h:1223 inline WARNING: CPU: 1 PID: 7704 at...

CVE-2025-38491

In the Linux kernel, the following vulnerability has been resolved: mptcp: make fallback action and fallback decision atomic Syzkaller reported the following splat: WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcpdofallback net/mptcp/protocol.h:1223 inline WARNING: CPU: 1 PID: 7704 at...

CVE-2025-38456

CVE-2025-38456 concerns Linux kernel ipmi:msghandler memory corruption in ipmi_create_user(). The bug is triggered when the ipmi interface iterator (intf) pointer is invalid (correct intf_num not found); calling atomic_dec on this invalid pointer can corrupt memory. A fix updates the intf path (i...

PT-2025-37971

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The 'use' field within the rose neigh structure was not atomic, leading to potential race conditions. Specifically, the structure could be freed while still being referenced, potentially...

CVE-2024-56613

In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma-numabstate Problem Description When running the hackbench program of LTP, the following memory leak is reported by kmemleak. /opt/ltp/testcases/bin/hackbench 20 thread 1000...