SUSE-SU-2026:2238-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. -...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2025-68310: s390/pci: Use pciueventers in PCI recovery bsc1255160. CVE-2025-71183: btrfs: always detect...

CVE-2026-46219

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free...

CVE-2026-46011

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

UBUNTU-CVE-2026-46011

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

CVE-2026-46011 media: mtk-jpeg: fix use-after-free in release path due to uncancelled work

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

CVE-2026-46011

Summary (CVE-2026-46011, Linux kernel, media: mtk-jpeg): A use-after-free in the mtk-jpeg driver arises when the release path frees the context (ctx) without cancelling pending/running work in ctx->jpeg_work, creating a race with the workqueue accessing freed memory. The race occurs during clo...

EUVD-2026-32308

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

PT-2026-43878

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtk jpeg release function frees the context structure ctx without first cancelling any pending or running work in ctx-jpeg work. This creates a race...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: e1000: Moved cancelworksync to avoid deadlock. Previously, e1000down called cancelworksync for the e1000 reset task via e1000downandstop, which caused a deadlock. According to user reports and syzbot observations, a deadlock can...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl8xxxu: Added cancelworksync for c2hcmdwork. The workqueue may still be running when the driver is stopped. To avoid a use-after-free, call cancelworksync in rtl8xxxustop...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fixed warnings related to cancelsync on uninitialized workstructs. Betty reported encountering the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 … 8.713282 T221 Call trace:...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fixed possible use after free in pxafbtask. In the pxafbprobe function, it calls the pxafbinitfbinfo function. After that, &fbi-task is associated with pxafbtask. Moreover, within this pxafbinitfbinfo function, the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ublk: A use-after-free issue has been fixed in ublkpartitionscanwork. There exists a race condition between the async partition scan work and the device teardown process, which can lead to a use-after-free of ub-ubdisk: 1...

EUVD-2026-28721

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspendhba, pmop, POSTCHANGE. This creates a race...

CVE-2026-43415

CVE-2026-43415 describes a race in the Linux kernel’s UFS host controller driver (scsi: ufs: core) during UFS suspend. The issue arises because cancel_delayed_work_sync() is invoked after ufshcd_vops_suspend(..., POST_CHANGE), allowing ufshcd_rtc_work() to race with suspend operations and potenti...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fixed a use-after-free vulnerability in the cdnsi3cmasterprobe function due to race conditions. In the cdnsi3cmasterprobe function, &master-hjwork is bound to cdnsi3cmasterhj. The cdnsi3cmasterinterrupt functio...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: media: venus: Fixed a bug related to the use of core-work after it is freed, due to a race condition in the venusremove function. In venusprobe, core-work is bound to venussyserrorhandler, which is used to handle errors. The code...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: tipc: fix use-after-free Read in tipcnamedreinit syzbot found the following issue on: ================================================================== BUG: KASAN: use-after-free in tipcnamedreinit+0x94f/0x9b0...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancelworksync before module remove If we remove the module that will call mpc52xxspiremove, it will free the ms object through spiunregistercontroller. Meanwhile, the work stored in ms-work will remain unused...