EUVD-2026-38997

In the Linux kernel, the following vulnerability has been resolved: fs/mbcache: cancel shrink work before destroying the cache mbcachedestroy calls shrinkerfree and then frees all cache entries and the cache itself, but it does not cancel the pending cshrinkwork work item first. If...

EUVD-2026-38965

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix use-after-free bugs in mt7996macdumpwork When the mt7996 pci chip is detaching, the mt7996crashdata is released in mt7996coredumpunregister. However, the work item dumpwork may still be running or pending,...

EUVD-2026-38966

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix use-after-free bugs in mt7915macdumpwork When the mt7915 pci chip is detaching, the mt7915crashdata is released in mt7915coredumpunregister. However, the work item dumpwork may still be running or pending,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: e1000: Moved cancelworksync to avoid deadlock. Previously, e1000down called cancelworksync for the e1000 reset task via e1000downandstop, which caused a RTNL condition. According to user reports and syzbot, a deadlock may occur i...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl8xxxu: Added cancelworksync for c2hcmdwork. The workqueue may still be running when the driver is stopped. To avoid a use-after-free, call cancelworksync in rtl8xxxustop...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fixed possible use after free in pxafbtask. In the pxafbprobe function, it calls the pxafbinitfbinfo function. After that, &fbi-task is associated with pxafbtask. Moreover, within this pxafbinitfbinfo function, the...

SUSE-SU-2026:2238-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. -...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2025-68310: s390/pci: Use pciueventers in PCI recovery bsc1255160. CVE-2025-71183: btrfs: always detect...

CVE-2026-46219

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free...

CVE-2026-46011

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

UBUNTU-CVE-2026-46011

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

CVE-2026-46011

Summary (CVE-2026-46011, Linux kernel, media: mtk-jpeg): A use-after-free in the mtk-jpeg driver arises when the release path frees the context (ctx) without cancelling pending/running work in ctx->jpeg_work, creating a race with the workqueue accessing freed memory. The race occurs during clo...

EUVD-2026-32308

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

CVE-2026-46011 media: mtk-jpeg: fix use-after-free in release path due to uncancelled work

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

PT-2026-43878

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the mtk jpeg release function. The function frees the context structure ctx without cancelling pending or running work in ctx-jpeg work. This creates a race...

EUVD-2026-28721

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspendhba, pmop, POSTCHANGE. This creates a race...

CVE-2026-43415

CVE-2026-43415 describes a race in the Linux kernel’s UFS host controller driver (scsi: ufs: core) during UFS suspend. The issue arises because cancel_delayed_work_sync() is invoked after ufshcd_vops_suspend(..., POST_CHANGE), allowing ufshcd_rtc_work() to race with suspend operations and potenti...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: tipc: Fixed a use-after-free condition in tipcnamedreinit. syzbot identified the following issue: BUG: KASAN: Use-after-free in tipcnamedreinit+0x94f/0x9b0 net/tipc/namedistr.c:413 A 8-byte read at address ffff88805299a000 was...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ublk: Fix for use-after-free in ublkpartitionscanwork There exists a race condition between the async partition scan work and the device teardown, which can lead to a use-after-free of ub-ubdisk. 1. blkctrlstartdev schedules...

CVE-2026-31584

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix use-after-free in encoder release path The fopsvcodecrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-encodework. This creates a race window...