CVE-2026-52910

The CVE concerns the Linux kernel: a reuseport cBPF program could be freed without waiting for an RCU grace period, via sk_reuseport_prog_free() when detaching from the setsockopt path. The underlying issue is that bpf_release_orig_filter() and bpf_prog_free() destruct the cBPF program too early,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: A potential deadlock has been fixed in deferredirqworkfn. For PREEMPTRT=y kernels, deferredirqworkfn is executed in the per-cpu irqwork/ task context, and not in disable-irq. If the rq returned by containerof is the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: Fixed stale direct dispatch state in ddspdsqid. @p-scx.ddspdsqid can be left set non-SCXDSQINVALID, causing a spurious warning in markdirectdispatch when the next wakeup’s ops.selectcpu calls scxbpfdsqinsert. For exampl...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: hid-steam – Fixed a use-after-free issue when removing a device. When a hid-steam device is removed, it must clean up the clienthdev that was used to intercept hidraw access. This can result in deferred tasks being scheduled...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/msgring: Ensure that the freeing of iokiocb is deferred to a later time for the RCU. syzbot reports that deferring or localizing the taskworkadd operation via msgring can result in a request being freed before it should b...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/disp/dpu1: Avoid clearing hardware interrupts if hwintr is null during drm uninit. If the edp modeset init fails due to the panel not being ready, and the probe is deferred during drm bind, avoid clearing IRQs and...

PT-2026-49265

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

EUVD-2026-36630

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

CVE-2026-41158

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

CVE-2026-41158

Summary of CVE-2026-41158: The vulnerability concerns GPU DDK where backed sparse PMRs are not handled by the deferred free mechanism after shrink, allowing a non-privileged user to perform GPU system calls that write to arbitrarily freed physical pages. The root cause is that physical memory all...

CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

PT-2026-49023

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Software installed and run as a non-privileged user may perform GPU system calls to write to arbitrary freed physical pages. This occurs because physical memory...

python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

Impact AsyncListener.handlequeryordefer retained every truncated TC-bit incoming query in self.deferredaddr and armed a per-addr timer in self.timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped, and...

Xen: Use after free of paging structures in EPT (XSA-480)

The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures however is not deferred until the flushing is done, and...

K000161576: Linux kernel vulnerabilities CVE-2025-39841 and CVE-2025-39727

Security Advisory Description CVE-2025-39841 In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the ...

CVE-2026-46264 drm/xe/pf: Fix sysfs initialization

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devmaddactionorreset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e0: i...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: eventpoll: Deferring the epfree function in eventpoll.c to an RCU callback during a grace period. In certain situations, epfree in eventpoll.c will free the epi-ep structure while it is still being used by another concurrent...

fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info

...

SUSE CVE-2026-45855

In the Linux kernel, the following vulnerability has been resolved: ata: libata-scsi: avoid Non-NCQ command starvation When a non-NCQ command is issued while NCQ commands are being executed, atascsiqcissue indicates to the SCSI layer that the command issuing should be deferred by returning...