Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013388)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013388 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cmid...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007590)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007590 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cmid...

kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resource management by freeing cmid once all references to the cmid were...

EUVD-2025-20961

Malicious code in bioql PyPI...

EUVD-2025-20045

Malicious code in bioql PyPI...

UBUNTU-CVE-2025-38287

In the Linux kernel, the following vulnerability has been resolved: IB/cm: Drop lockdep assert and WARN when freeing old msg The send completion handler can run after cmid has advanced to another message. The cmid lock is not needed in this case, but a recent change re-used cmfreeprivmsg, which...

CVE-2025-38211

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resource management by freeing cmid once all references to the cmid were...

CVE-2025-38211

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resource management by freeing cmid once all references to the cmid were...

CVE-2025-38211 RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resource management by freeing cmid once all references to the cmid were...

CVE-2025-38211

CVE-2025-38211 concerns the Linux kernel’s RDMA/iwcm path. A use-after-free was introduced in the cm_id lifecycle when the cm_id_private work objects could still be in use by event-handler works during cm_id destruction, after resources were freed. The issue persisted despite prior fixes that flu...

CVE-2025-38211 RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resource management by freeing cmid once all references to the cmid were...

CVE-2025-38211

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resource management by freeing cmid once all references to the cmid were...

CVE-2024-42285

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iwconnreqhandler associates a new struct rdmaidprivate connid with an existing struct iwcmid cmid as follows: connid-cmid.iw = cmid; cmid-context = connid; cmid-cmhandl...

CVE-2024-42285 RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iwconnreqhandler associates a new struct rdmaidprivate connid with an existing struct iwcmid cmid as follows: connid-cmid.iw = cmid; cmid-context = connid; cmid-cmhandl...

CVE-2021-47378

A vulnerability was found in the Linux kernel's nvme-rdma driver where the driver failed to destroy a component cmid before another component qp was destroyed. This issue occurs when the kernel incorrectly manages memory during RDMA, leading to a potential use-after-free. Mitigation Red Hat has...

CVE-2021-47378

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cmid before destroy qp to avoid to get cma event after qp was destroyed, which may lead to use after free. In RDMA connection establishme...

CVE-2021-47378

CVE-2021-47378 affects the Linux kernel nvme-rdma code: destroying cm_id before destroying the qp can cause a use-after-free in RDMA error flow. The fix documented in multiple sources is to always destroy cm_id before destroying the qp, with qp subsequently destroyed in nvme_rdma_alloc_queue() af...

Sql injection

SQL injection vulnerability in the Club Manager comclubmanager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cmid parameter in an equip presenta action to index.php...

kernel security and bug fix update

2.6.32-71.24.1.el6 - fs Revert 'fs inotify: stop kernel memory leak on file creation failure' Eric Paris 656831 656832 CVE-2010-4250 2.6.32-71.23.1.el6 - x86 Revert 'x86 mtrr: Assume SYSCFGTom2ForceMemTypeWB exists on all future AMD CPUs' Frank Arnold 683813 652208 2.6.32-71.22.1.el6 - rebuild...