187 matches found
EUVD-2026-38940
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix locking in hciconnrequestevt with HCIPROTODEFER When protocol sets HCIPROTODEFER, hciconnrequestevt calls hciconnectcfmconn without hdev-lock. Generally hciconnectcfm assumes it is held, and if conn is deleted...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Fork: Defer linking of the vma file until vma is fully initialized. Thorvald reported a WARNING 1. The root cause of the issue lies in a race condition: - CPU 1: fork; - CPU 2: hugetlbfsfallocate; - dupmmap: hugetlbfspunchhole...
kernel: nbd: defer config unlock in nbd_genl_connect
In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...
CVE-2026-46223
The CVE-2026-46223 issue concerns the Linux kernel cgroup subsystem: rmdir defers percpu_ref kill of CSS until the cgroup is depopulated. A chain of commits reworked rmdir behavior to ensure ->css_offline() does not run while tasks are still doing kernel work in the cgroup. The core problem wa...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: proc: use the same treatment to check proclseek as ones for procreaditer et.al CVE-2025-38653 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183...
CLSA-2026-1779215759 libxml2: Fix of CVE-2022-49043
CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode by deferring xmlFreeURI until after the error path has consumed the value...
OESA-2026-2311 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. Thi...
CVE-2026-42209
FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...
CLSA-2026-1778491896 libxml2: Fix of CVE-2022-49043
CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode by deferring xmlFreeURI until after the error path has consumed the value...
CVE-2026-42209
FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...
CVE-2026-43326
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciconn: Fixed a crash that occurred during hcicreatecissync. When attempting to connect multiple ISO sockets without using DEFERSETUP, the following crash may occur: BUG: KASAN: nullptrderef in...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: tty: fixed a possible nullptrdefer issue in spkttyiorelease. Run the following tests on the qemu platform: syzkaller: modprobe speakupaudptr input: Speakup as /devices/virtual/input/input4 initialized device: /dev/synth, node...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Double-free of rqxprtctxt while it is still in use. When a RPC request is deferred, the pointer rqxprtctxt is moved out of the svcrqst to the svcdeferredreq. When the deferred request is revisited, the pointer is copied...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: inet: frags: dropping fraglist and conntrack references Jakub added a warning in nfconntrackcleanupnetlist to make debugging leaked skbs/conntrack references more obvious. The syzbot reports that this triggers an issue, and I can...
net: ipv6: flowlabel: defer exclusive option free until RCU teardown
...
CVE-2026-31665
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: fix use-after-free in timeout object destroy nftcttimeoutobjdestroy frees the timeout object with kfree immediately after nfctuntimeout, without waiting for an RCU grace period. Concurrent packet processing on...
SUSE SLES15 Security Update : kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:1281-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1281-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.170 fixes various security issues The following security issues were fixed: ...
SUSE CVE-2026-31426
In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: clean up handlers on probe failure in acpiecsetup When ecinstallhandlers returns -EPROBEDEFER on reduced-hardware platforms, it has already started the EC and installed the address space handler with the struct acpiec...
x86/efi: defer freeing of boot services memory
...