SUSE CVE-2026-43042

In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platformlabel,s pair The RCU-protected codepaths mplsforward, mplsdumproutes can have an inconsistent view of platformlabels vs platformlabel in case of a concurrent resize...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility that the xen9pfsfrontfree function may be called concurrently, leading to double...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that xfrmpolicyfini does not wait for the RCU reader to complete before releasing the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from concurrent updates to interface functions in the queryinterfaces function, potentially leading to...

PT-2026-37461

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the io uring/zcrx component on SMP systems between the scrub and refill paths. The io zcrx put niov uref function employs a non-atomic check-then-decrement...

PT-2026-37560

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the AMD IOMMU driver where concurrent Translation Lookaside Buffer TLB invalidations can cause completion waits to time out randomly. This occurs because the cmd sem v...

GHSA-JPQ4-7FMQ-Q5FJ parse-server: MFA SMS one-time password accepted twice under concurrent login

Impact A race condition in the MFA SMS one-time password OTP login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive valid session tokens, breaking the single-use property of the OTP. The vulnerability requires the attacker to already possess the...

parse-server: MFA SMS one-time password accepted twice under concurrent login

Impact A race condition in the MFA SMS one-time password OTP login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive valid session tokens, breaking the single-use property of the OTP. The vulnerability requires the attacker to already possess the...

Race Condition

Overview langchain-chatchat is a Langchain-Chatchat formerly langchain-ChatGLM, local knowledge based LLM like ChatGLM, Qwen and Llama RAG and Agent app with langchain Affected versions of this package are vulnerable to Race Condition through a race condition in the files function of the...

Security Bulletin:Axios HTTP/2 Session Cleanup Logic State Corruption Bug Fixed in 1.13.2

Summary Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: fix filter idr initialization The referenced commit moved the idr initialization too early in flchange, which allows concurrent users to access the filter that is still being initialized and is in an inconsiste...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed an issue related toracy under the cocurrent smb2 tree disconnect scenario. There is also a UAF issue under the cocurrent smb2 tree disconnect scenario. This patch introduces TREECONNEXPIRE flags for tcon to avoid...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: hns3 – fixed the issue of kernel crashes in concurrent scenarios. When the link status changes, the nic driver needs to notify the roce driver to handle this event. However, at this time, the roce driver may uninit, which...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/nfs/read: fixed the double-unlock bug in nfsreturnemptyfolio. Sometimes, when a file was read while it was being truncated by another NFS client, the kernel could become deadlocked because foliounlock was called twice, and the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nfconntrack: A crash occurred when attempting to remove an uninitialized entry from the hash bucket list. A crash occurred while trying to remove the conntrack entry from the hash bucket list: Exception RIP:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mwifiex: discards erroneous disassociation frames on the STA interface When operating in concurrent STA/AP mode with the host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: qrtr: A refcount bug was fixed in qrtrrecvmsg. Syzbot reported the following bugs: refcountt: Addition of 0; use-after-free. … RIP: 0010:refcountwarnsaturate+0x17c/0x1f0 lib/refcount.c:25 … Call Trace: refcountadd...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg – Concurrent writes to afalgsendmsg are now disallowed. Issuing two writes to the same afalg socket is problematic, as the data will be interleaved in a unpredictable manner. Additionally, concurrent writes may caus...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: PCI/DPC: Fixed a use-after-free issue when a DPC event occurs concurrently with hot-removal of the same portion of the hierarchy. Keith reported a use-after-free when a DPC event occurred concurrently with the hot-removal of t...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: memcg: Protection for concurrent access to memcgroupidr Commit 73f576c04b94 “mm: memcontrol: Fixing cgroup creation failures after many small operations” separated the memcgroupidr IDs from the CSS ID space to address cgroup...