CVE-2026-53062

A flaw was found in the Linux kernel's device-mapper dm cache policy, specifically within the smq module. In passthrough mode, the invalidatemapping operation lacks proper locking, allowing for concurrent access. This can lead to data races, resulting in data corruption or use-after-free issues,...

Improper Locking

Overview Affected versions of this package are vulnerable to Improper Locking in the releasewritelock and releasereadlock functions. An attacker can disrupt synchronization guarantees and exploit data races or cause denial of service by invoking these functions from unauthorized threads or withou...

Wrap-around Error

Overview Affected versions of this package are vulnerable to Wrap-around Error in ReentrantReadWriteLock that causes incorrect write locks. An attacker can cause a thread to incorrectly obtain a write lock without exclusivity by repeatedly acquiring the read lock 32,768 times, which overflows the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ip: Fixed data races related to sysctlipfwdusepmtu. When reading from sysctlipfwdusepmtu, it can be changed concurrently. Therefore, we need to add a READONCE call to its readers...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fixed possible data races in gfs2showoptions Some fields such as gtlogdsecs of the struct gfs2tune are accessed without holding the lock gtspin in gfs2showoptions: val = sdp-sdtune.gtlogdsecs; if val != 30 seqprintfs,...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: Use DEVSTATSINC to avoid data races. syzbot/KCSAN reported that multiple CPUs are updating dev-stats.txerror concurrently. This occurs because sit tunnels use NETIFFLLTX, which means their ndostartxmit function is not...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcprecovery. When reading sysctltcprecovery, it can be changed concurrently. Therefore, we need to add READONCE to its readers...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: Fixed issues related to data races around sk-skforwardalloc. Syzkaller reported this warning: ------------------ WARNING: CPU: 0 PID: 16 at net/ipv4/afinet.c:156 inetsockdestruct+0x1c5/0x1e0 Modules linked in: CPU: 0 UID:...

Concurrent Ruby - ReadWriteLock allows wrong-thread write release and stray read-release counter corruption

Summary Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from accessing the devicefolio after calling the foliofree function, potentially leading to data races...

pam_usb 代码问题漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.1 contained code vulnerabilities. This vulnerability stemmed from the fact that the src/log.c file contained a process-level static pointer; each PAM ca...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sysctl: Data race issues in procdouintvecminmax have been fixed. A sysctl variable is accessed concurrently, and there is always a risk of data races. Therefore, both readers and writers need some basic protection to avoid data...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpminsndmss. When reading sysctltcpminsndmss, it can be changed concurrently. Therefore, we need to add READONCE to its readers...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpfastopenblackholetimeout. When reading sysctltcpfastopenblackholetimeout, it can be changed concurrently. Therefore, we need to add READONCE to its readers...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ipv4: The issue related to data races around sysctlfibmultipathhashpolicy has been fixed. When reading sysctlfibmultipathhashpolicy, it is possible for it to be changed concurrently. Therefore, we need to add READONCE to its...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpmtuprobing. When reading sysctltcpmtuprobing, it can be changed concurrently. Therefore, we need to add READONCE to its readers...

Astra Linux – Vulnerability in RustC

crossbeam-utils provides atomic operations, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. Prior to version 0.8.7, crossbeam-utils incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006935)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006935 advisory. In the Linux kernel, the following vulnerability has been resolved: netrom: Fix data-races around sysctlnetbusyread We need to protect the reader reading the sysctl...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006919)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006919 advisory. In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix possible data races in gfs2showoptions Some fields such as gtlogdsecs of the struct...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006636)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006636 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctltcpl3mdevaccept. While reading sysctltcpl3mdevaccept, it can be...