SUSE CVE-2026-43415

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspendhba, pmop, POSTCHANGE. This creates a race...

CVE-2026-43415

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspendhba, pmop, POSTCHANGE. This creates a race...

CVE-2026-43415 scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspendhba, pmop, POSTCHANGE. This creates a race...

PT-2026-39076

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the ufshcd wl suspend function. The cancel delayed work sync call is positioned after ufshcd vops suspend, allowing ufshcd rtc work to run while ufshcd vops...

Linux Distros Unpatched Vulnerability : CVE-2026-43415

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed...

SUSE CVE-2026-31731

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Address thermal zone removal races with resume Since thermalzonepmcomplete and thermalzonedeviceresume re-initialize the pollqueue delayed work for the given thermal zone, the canceldelayedworksync in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cnic: Fixed use-after-free bugs in cnicdeletetask. The original code used canceldelayedwork in cniccmstopbnx2xHW, which does not guarantee that the delayed work item “deletetask” has fully completed if it was already running...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: rds: Do not hold the sock lock when canceling work from rdstcpresetcallbacks. The syzbot is reporting a lockdep warning at rdstcpresetcallbacks 1. The related commit is ac3615e7f3cffe2a “RDS: TCP: Reduce code duplication in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: b2c2: Fix for a use-after-free caused by irqcheckwork in flexcoppciremove. The original code uses canceldelayedwork in flexcoppci Remove, which does not guarantee that the delayed irqcheckwork has fully completed if it is...

CVE-2026-31731

In CVE-2026-31731, the Linux kernel thermal management subsystem has a race where a thermal zone removal during resume can cause use-after-free. Root cause: thermal_zone_pm_complete() and thermal_zone_device_resume() re-initialize the poll_queue delayed work, so cancel_delayed_work_sync() in ther...

CVE-2026-31731

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Address thermal zone removal races with resume Since thermalzonepmcomplete and thermalzonedeviceresume re-initialize the pollqueue delayed work for the given thermal zone, the canceldelayedworksync in...

PT-2026-36366

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the thermal core due to race conditions during thermal zone removal and resume operations. The functions thermal zone pm complete and thermal zone device...

EUVD-2026-24875

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock in l2capconndel l2capconndel calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the work functions l2capinfotimeout and l2capconnupdateidaddr both acqui...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013841)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013841 advisory. In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rdstcpresetcallbacks syzbot is reporting...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013054)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013054 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpivideoswitchbrightness The switchbrightnesswork delayed wor...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007417)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007417 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvsworkqueue During the detaching of Marvell's SAS/SATA...

SUSE CVE-2026-31406

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...

EUVD-2026-10576

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tlsswcancelworktx This issue was discovered during a code audit. After canceldelayedworksync is called from tlsskprotoclose, txworkhandler can still be scheduled from paths such as the Delayed ACK handl...

CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tlsswcancelworktx This issue was discovered during a code audit. After canceldelayedworksync is called from tlsskprotoclose, txworkhandler can still be scheduled from paths such as the Delayed ACK handl...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ACPI: Video – Fix for a use-after-free in acpivideoswitchbrightness The switchbrightnesswork delayed work accesses device-brightness and device-backlight, which were freed by acpivideodevunregisterbacklight during device removal...