CVE-2026-46011

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

CVE-2026-46011 media: mtk-jpeg: fix use-after-free in release path due to uncancelled work

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

PT-2026-43878

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtk jpeg release function frees the context structure ctx without first cancelling any pending or running work in ctx-jpeg work. This creates a race...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: e1000: Moved cancelworksync to avoid deadlock. Previously, e1000down called cancelworksync for the e1000 reset task via e1000downandstop, which caused a deadlock. According to user reports and syzbot observations, a deadlock can...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl8xxxu: Added cancelworksync for c2hcmdwork. The workqueue may still be running when the driver is stopped. To avoid a use-after-free, call cancelworksync in rtl8xxxustop...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fixed warnings related to cancelsync on uninitialized workstructs. Betty reported encountering the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 … 8.713282 T221 Call trace:...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: tipc: fix use-after-free Read in tipcnamedreinit syzbot found the following issue on: ================================================================== BUG: KASAN: use-after-free in tipcnamedreinit+0x94f/0x9b0...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007572)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007572 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancelworksync before module remove If we remove the module which will call...

CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown

In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel txwork before socket teardown In rawsockrelease, cancel any pending txwork and purge the write queue before orphaning the socket. rawsocktxwork runs on the system workqueue and calls nfcdataexchange which...

EUVD-2026-10574

In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...

CVE-2026-23239

CVE-2026-23239 concerns the Linux kernel espintcp subsystem. A race condition was introduced where, after cancel_work_sync() is called from espintcp_close(), espintcp_tx_work() could still be scheduled from paths like the Delayed ACK handler or ksoftirqd. This could allow the worker to dereferenc...

CVE-2026-22995

The CVE concerns a Linux kernel race in ublk_partition_scan_work that can cause a use-after-free of ub->ub_disk due to a race between async partition scanning and device teardown. The vulnerability occurs when ublk_ctrl_start_dev() schedules partition_scan_work after add_disk(), and ublk_stop_...

CVE-2026-22995 ublk: fix use-after-free in ublk_partition_scan_work

In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ublkpartitionscanwork A race condition exists between the async partition scan work and device teardown that can lead to a use-after-free of ub-ubdisk: 1. ublkctrlstartdev schedules partitionscanwork...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37805)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37805 advisory. - In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancelsync warnings on...

CVE-2025-71084 RDMA/cm: Fix leaking the multicast GID table reference

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix leaking the multicast GID table reference If the CM ID is destroyed while the CM event for multicast creating is still queued the cancelworksync will prevent the work from running which also prevents destroying the...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrl nvmefcdeleteassocation waits for pending I/O to complete before returning, and an error can cause -ioerrwork to be queued after cancelworksync had been called. Mov...

PT-2026-27737

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the NFC rawsock functionality of the Linux kernel. Specifically, the rawsock release function does not properly cancel pending tx work and purge the write queue before...

CVE-2025-40261 nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()

In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrl nvmefcdeleteassocation waits for pending I/O to complete before returning, and an error can cause -ioerrwork to be queued after cancelworksync had been called. Mov...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990580)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990580 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADFDEVRESETSYNC memory leak Using completiondone to determine whether the calle...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27052)

Vulnerability in Linux kernel: wifi: rtl8xxxu: add cancelworksync for c2hcmdwork The workqueue might still be running, when the driver is stopped. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...