UBUNTU-CVE-2026-53153

In the Linux kernel, the following vulnerability has been resolved: mm/listlru: drain before clearing xarray entry on reparent memcgreparentlistlrus clears the dying memcg's xarray entry with xasstore&xas, NULL before reparenting its per-node lists into the parent. This opens a window where a...

CVE-2026-53153 mm/list_lru: drain before clearing xarray entry on reparent

In the Linux kernel, the following vulnerability has been resolved: mm/listlru: drain before clearing xarray entry on reparent memcgreparentlistlrus clears the dying memcg's xarray entry with xasstore&xas, NULL before reparenting its per-node lists into the parent. This opens a window where a...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Protection was added to the device queue against concurrent access. In the dasdprofilestart function, the number of requests on the device queue is counted. However, access to the device queue is not protected against...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: qrtr: A refcount bug was fixed in qrtrrecvmsg. Syzbot reported the following bugs: refcountt: Addition of 0; use-after-free. … RIP: 0010:refcountwarnsaturate+0x17c/0x1f0 lib/refcount.c:25 … Call Trace: refcountadd...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: powerpc/setmemory: Avoid spinlock recursion in changepageattr The commit 1f9ad21c3b38 “powerpc/mm: Implement setmemory routines” included a spinlock call in changepageattr in order to safely perform the three-step operations...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: fix filter idr initialization The referenced commit moved the idr initialization too early in flchange, which allows concurrent users to access the filter that is still being initialized and is in an inconsiste...

kernel: md/bitmap: fix GPF in write_page caused by resize race

A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...

CVE-2026-46252

A flaw was found in the Linux kernel's regulator core. Incorrect handling of locking in the regulatorresolvesupply function's error path can trigger a lockdep warning. This issue may allow for concurrent access problems, potentially leading to system instability or a denial of service DoS conditi...

CVE-2026-46252

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...

CVE-2026-46252 regulator: core: fix locking in regulator_resolve_supply() error path

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...

PT-2026-46015

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locking issue exists in the regulator core within the regulator resolve supply function. When the late enabling of a supply regulator fails, the system triggers a lockdep warning becau...

CVE-2025-59610 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

SUSE CVE-2026-46152

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...

PT-2026-44275

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A race condition exists in the ieee80211 invoke fast rx function within the mac80211 wireless driver. The rx result variable...

CVE-2026-44318

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/subId handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscriptionsubId, but if t...

CVE-2026-44318 free5GC: BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/subId handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscriptionsubId, but if t...

CVE-2026-44318 free5GC: BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/subId handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscriptionsubId, but if t...

EUVD-2026-32567

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/subId handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscriptionsubId, but if t...

CVE-2026-44318

Summary: The vulnerability CVE-2026-44318 affects free5GC BSF before 4.2.2, where PUT /nbsf-management/v1/subscriptions/{subId} unsafely writes to the global Subscriptions map without proper locking in the create-if-absent path. A concurrent authenticated PUT can cause a race between a read (RLoc...

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...