108 matches found
CVE-2026-53126
A flaw was found in the Linux kernel's blk-cgroup component. This vulnerability occurs due to a missing disk reference release on an error path within the blkcgmaybethrottlecurrent function. When certain lookups or gets fail, the disk reference acquired is not properly freed. This oversight can...
CVE-2026-53126
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix disk reference leak in blkcgmaybethrottlecurrent Add the missing putdisk on the error path in blkcgmaybethrottlecurrent. When blkcg lookup, blkg lookup, or blkgtryget fails, the function jumps to the out label whi...
CVE-2026-53126
CVE-2026-53126 corresponds to a Linux kernel fix for a disk reference leak in blkcg_maybe_throttle_current. The issue occurred when blkcg lookup, blkg lookup, or blkg_tryget() failed and control flowed to the error path; the code released only rcu_read_unlock() and failed to release the disk refe...
EUVD-2026-38994
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix disk reference leak in blkcgmaybethrottlecurrent Add the missing putdisk on the error path in blkcgmaybethrottlecurrent. When blkcg lookup, blkg lookup, or blkgtryget fails, the function jumps to the out label whi...
PT-2026-52020
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A disk reference leak occurs in the blkcg maybe throttle current function. When blkcg lookup, blkg lookup, or blkg tryget fails, the function fails to call put disk on the error path. Th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: The queuelock must be held when removing blkg-qnode. When blkg is removed from q-blkglist in the blkgfreeworkfn function, the queuelock must be held. Otherwise, various bugs such as list corruption, hard lockups, etc...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Properly pinning the parent in blkcgcssonline. blkcgcssonline is supposed to pin the blkcg of the parent, but after refactoring the code, it was changed to pin the css instead. This results in additional pinnings, and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed corruption of q-blkglist during disk rebinding. Multiple instances of the gendisk function can be allocated/added for a single request queue during disk rebinding. As a result, blkg may still remain in q-blkgli...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: The parent reference count is dropped after pdfreefn is called. Some cgroup policies will access the parent PD through the child PD even after pdofflinefn is called. If pdfreefn for the parent is called before that fo...
mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
...
SUSE CVE-2026-31586
In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwbreleaseworkfn cgwbreleaseworkfn calls cssputwb-blkcgcss and then later accesses wb-blkcgcss again via blkcgunpinonline. If cssput drops the last reference, the blkcg can be freed...
CVE-2026-31586
A flaw was found in the Linux kernel's block control group blk-cgroup component. A timing issue in the cgwbreleaseworkfn function can lead to a use-after-free vulnerability. This occurs when a block control group object is prematurely released while still being referenced. A local attacker could...
DEBIAN-CVE-2026-31586
In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwbreleaseworkfn cgwbreleaseworkfn calls cssputwb-blkcgcss and then later accesses wb-blkcgcss again via blkcgunpinonline. If cssput drops the last reference, the blkcg can be freed...
CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwbreleaseworkfn cgwbreleaseworkfn calls cssputwb-blkcgcss and then later accesses wb-blkcgcss again via blkcgunpinonline. If cssput drops the last reference, the blkcg can be freed...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007569)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007569 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-fr...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in bit shift for TTMTTFLAGPRIVPOPULATED CVE-2022-50390 In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Reinit blkgiostatset after clearing in...
SUSE-SU-2026:20615-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 16.0 and SL MIxro 6.2 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-40147: blk-throttle: fix access race during throttle policy activation bsc1253344. - CVE-2025-40257: mptcp: fix a race in mptcppmdeladdtimer...
UBUNTU-CVE-2026-23148
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmetbiodone leading to NULL pointer dereference There is a race condition in nvmetbiodone that can cause a NULL pointer dereference in blkcgroupbiostart: 1. nvmetbiodone is called when a bio completes 2...
CVE-2026-23148 nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmetbiodone leading to NULL pointer dereference There is a race condition in nvmetbiodone that can cause a NULL pointer dereference in blkcgroupbiostart: 1. nvmetbiodone is called when a bio completes 2...
SUSE-SU-2026:0472-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 Azure kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-54013: interconnect: Fix locking for runpm vs reclaim bsc1256280. - CVE-2025-39880: libceph: fix invalid accesses to cephconnectionv1info bsc1250388. -...