98 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed corruption of q-blkglist during disk rebinding. Multiple instances of the gendisk function can be allocated/added for a single request queue during disk rebinding. As a result, blkg may still remain in q-blkgli...
Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fixed a UAF in blkcgunpinonline. blkcgunpinonline traverses the blkcg hierarchy to set the object as online. To traverse this hierarchy, it uses blkcgparentblkcg, but this call occurs after blkcgDestroyBlksblkcg, whic...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fixed the issue where the refcount of the subsystem for the @blockclass class was leaking. The blkcgfillrootiostats function iterates over the devices belonging to @blockclass using classdeviterinit|next, but does not...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if iocg was already offlined In iocgpaydebt, warn is triggered if 'activelist' is empty, which is intended to confirm iocg is active when it has debt. However, warn can be triggered during a blkcg or disk...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcgcssonline blkcgcssonline is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: dropping parent refcount after pdfreefn is done Some cgroup policies will access parent pd through child pd even after pdofflinefn is done. If pdfreefn for parent is called before child, then UAF can be triggered. Hen...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: hold queuelock when removing blkg-qnode When blkg is removed from q-blkglist from blkgfreeworkfn, queuelock has to be held, otherwise, all kinds of bugslist corruption, hard lockup, .. can be triggered from...
mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
...
SUSE CVE-2026-31586
In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwbreleaseworkfn cgwbreleaseworkfn calls cssputwb-blkcgcss and then later accesses wb-blkcgcss again via blkcgunpinonline. If cssput drops the last reference, the blkcg can be freed...
CVE-2026-31586
A flaw was found in the Linux kernel's block control group blk-cgroup component. A timing issue in the cgwbreleaseworkfn function can lead to a use-after-free vulnerability. This occurs when a block control group object is prematurely released while still being referenced. A local attacker could...
DEBIAN-CVE-2026-31586
In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwbreleaseworkfn cgwbreleaseworkfn calls cssputwb-blkcgcss and then later accesses wb-blkcgcss again via blkcgunpinonline. If cssput drops the last reference, the blkcg can be freed...
CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwbreleaseworkfn cgwbreleaseworkfn calls cssputwb-blkcgcss and then later accesses wb-blkcgcss again via blkcgunpinonline. If cssput drops the last reference, the blkcg can be freed...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007569)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007569 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-fr...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in bit shift for TTMTTFLAGPRIVPOPULATED CVE-2022-50390 In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Reinit blkgiostatset after clearing in...
SUSE-SU-2026:20615-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 16.0 and SL MIxro 6.2 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-40147: blk-throttle: fix access race during throttle policy activation bsc1253344. - CVE-2025-40257: mptcp: fix a race in mptcppmdeladdtimer...
UBUNTU-CVE-2026-23148
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmetbiodone leading to NULL pointer dereference There is a race condition in nvmetbiodone that can cause a NULL pointer dereference in blkcgroupbiostart: 1. nvmetbiodone is called when a bio completes 2...
CVE-2026-23148 nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmetbiodone leading to NULL pointer dereference There is a race condition in nvmetbiodone that can cause a NULL pointer dereference in blkcgroupbiostart: 1. nvmetbiodone is called when a bio completes 2...
SUSE-SU-2026:0472-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 Azure kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-54013: interconnect: Fix locking for runpm vs reclaim bsc1256280. - CVE-2025-39880: libceph: fix invalid accesses to cephconnectionv1info bsc1250388. -...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21745)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21745 advisory. - In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @blockclass's...
ROS-20260119-7348
A vulnerability in the block/blk-cgroup.c component of the Linux operating system kernel is related to improper memory freeing before deleting the last link. Exploitation of the vulnerability could allow an attacker to cause a denial of service...