CVE-2026-31586

In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwbreleaseworkfn cgwbreleaseworkfn calls cssputwb-blkcgcss and then later accesses wb-blkcgcss again via blkcgunpinonline. If cssput drops the last reference, the blkcg can be freed...

CVE-2026-31586

Summary: CVE-2026-31586 is a Linux kernel use-after-free in blk-cgroup during cgwb_release_workfn. The vulnerability occurs when css_put(wb->blkcg_css) is followed by accessing wb->blkcg_css via blkcg_unpin_online(), which can free the blkcg asynchronously (css_free_rwork_fn -> kfree) if...

EUVD-2026-25479

In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwbreleaseworkfn cgwbreleaseworkfn calls cssputwb-blkcgcss and then later accesses wb-blkcgcss again via blkcgunpinonline. If cssput drops the last reference, the blkcg can be freed...

PT-2026-34938

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the function cgwb release workfn. The function calls css putwb-blkcg css and subsequently accesses wb-blkcg css again via blkcg unpin online. If css put...

Azure Linux 3.0 Security Update: kernel (CVE-2024-56672)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56672 advisory. - In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcgunpinonline...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001156)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001156 advisory. The blkcginitqueue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service double free or possibly have...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003556)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003556 advisory. The blkcginitqueue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service double free or possibly have...

MiracleLinux 9 : kernel-5.14.0-611.5.1.el9_7 (AXSA:2025-11493:94)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11493:94 advisory. kernel: can: isotp: fix potential CAN frame reception race in isotprcv CVE-2022-48830 kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB...

ALSA-2025:20518 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix potential CAN frame reception race in isotprcv CVE-2022-48830 kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB CVE-2024-46689 kernel: Squashfs: sanity check...

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix potential CAN frame reception race in isotprcv CVE-2022-48830 kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB CVE-2024-46689 kernel: Squashfs: sanity check...

Siemens SIMATIC Devices Use After Free (CVE-2024-56672)

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcgunpinonline blkcgunpinonline walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcgparentblkcg but it was calling that after blkcgdestroyblkgsblkcg which could free the blkcg Th...

UBUNTU-CVE-2022-50550

In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix memory leak on adddisk failures When a gendisk is successfully initialized but adddisk fails such as when a loop device has invalid number of minor device numbers specified, blkcginitdisk is called during init...

EUVD-2024-53320

Malicious code in bioql PyPI...

CVE-2023-53421 blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Reinit blkgiostatset after clearing in blkcgresetstats When blkgalloc is called to allocate a blkcggq structure with the associated blkgiostatset's, there are 2 fields within blkgiostatset that requires proper...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the blkgiostatset structure not reinitializing the blkg and sync fields after being cleared in...

Linux Distros Unpatched Vulnerability : CVE-2024-56672

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcgunpinonline blkcgunpinonline walks up the blkcg hierarchy puttin...

AZL-54792 CVE-2024-56672 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcgunpinonline blkcgunpinonline walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcgparentblkcg but it was calling that after blkcgdestroyblkgsblkcg which could free the blkcg,...

CVE-2024-56672 blk-cgroup: Fix UAF in blkcg_unpin_online()

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcgunpinonline blkcgunpinonline walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcgparentblkcg but it was calling that after blkcgdestroyblkgsblkcg which could free the blkcg,...

CVE-2024-56672

CVE-2024-56672 affects the Linux kernel blk-cgroup component. The issue is a use-after-free (UAF) in blkcg_unpin_online() where blkcg_parent(blkcg) is read after blkcg_destroy_blkgs(blkcg) could free the blkcg. The fix reads the parent pointer before destroying the blkcg’s blkg’s, preventing UAF....

CVE-2024-56672 blk-cgroup: Fix UAF in blkcg_unpin_online()

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcgunpinonline blkcgunpinonline walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcgparentblkcg but it was calling that after blkcgdestroyblkgsblkcg which could free the blkcg,...