2473 matches found
CVE-2025-58151
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...
CVE-2026-52975
A flaw was found in the Linux kernel's bonding 3ad module. This vulnerability is due to a data-race condition caused by improper Read-Copy-Update RCU implementation in the port-aggregator component. An attacker could potentially exploit this to cause system instability or unexpected behavior...
CVE-2026-53303
In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extensionlist reading with sblock in f2fssbishow In f2fssbishow, the extensionlist, extensioncount and hotextcount are read without holding sbi-sblock. If a concurrent sysfs store modifies the extension list via...
Linux Distros Unpatched Vulnerability : CVE-2026-52975
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at...
EUVD-2026-38843
In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...
CVE-2026-52975
In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...
EUVD-2026-38930
In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: fix missing locks in invalidating cache blocks In passthrough mode, the policy invalidatemapping operation is called simultaneously from multiple workers, thus it should be protected by a lock. Otherwise, we...
CVE-2026-52975
The CVE concerns the Linux kernel bonding 3ad module. A data-race was found in bond_3ad_get_active_agg_info / bond_3ad_state_machine_handler due to insufficient Read-Copy-Update (RCU) handling for port->aggregator. The fix adds the __rcu qualifier to port->aggregator and uses proper RCU API...
CVE-2026-52975
In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fixed a possible data race in fore200eopen. Access to the field fore200e-availablecellrate is protected by the ratemtx lock in the error-handling code of fore200eopen to prevent a data race. The field...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Bonding: Annotate the data races around slave-lastrx. slave-lastrx and slave-targetlastarprx... can be read and written without locking. Add READONCE and WRITEONCE annotations. syzbot reported: BUG: KCSAN: Data race in...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: rxrpc: Fixed the data-race warning and potential load/store tearing issues. Fixed the following issue: BUG: KCSAN: A data-race occurred in rxrpcpeerkeepaliveworker and rxrpcsenddatapacket. This issue relates to reads and write...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ipv6: Annotated data-race in ndiscrouterdiscovery The syzbot found that ndiscrouterdiscovery could read and write in6dev-ramtu without holding a lock 1 This seems fine, as IFLAINET6RAMTU is a best-effort mechanism. Add...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: l2tp: avoided a data race in l2tptunneldelwork We should only access sk-sksocket when dealing with kernel sockets. syzbot reported the following data race: BUG: KCSAN: data race in l2tptunneldelwork / skcommonrelease Task 5365...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: locking/spinlock/debug: Fixed a data race in dorawwritelock. KCSAN reports: BUG: KCSAN: Data race in dorawwritelock/dorawwritelock. The following operations were performed: Write 0xffff800009cf504c 4 bytes to memory by task 11...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: mISDN: Annotated data-race around dev-work dev-work can be read without locking in mISDNread and mISDNpoll. Add READONCE/WRITEONCE annotations. BUG: KCSAN: Data race in mISDNioctl/mISDNread Writing 0xffff88812d848280 4 bytes b...
PT-2026-51869
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A data race exists in the bonding 3ad implementation due to improper Read-Copy-Update RCU rules for the port-aggregator variable. This issue was identified in the bond 3ad get active agg...
JLSEC-2026-620 WebSocket reader data race in auto-PONG/CLOSE-echo handling in HTTP.jl
Description The WebSocket reader task processed incoming frames by calling wsonincomingdata! without holding ws.sendlock. That function is not a pure parser: its auto-PONG and CLOSE-echo paths push! onto the shared ws.codec.outgoingframes vector, while application send/ping/pong/close paths mutat...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: List: Fixed a data race around ep-rdllist. The eppoll function first calls epeventsavailable without holding a lock and checks if ep-rdllist is empty using listemptycareful, which reads from rdllist-prev. Therefore, all access...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ICMP: Fixed a data race around the sysctlicmperrorsuseinboundifaddr function. When reading sysctlicmperrorsuseinboundifaddr, it can be changed concurrently. Therefore, we need to add READONCE to its reader function...