6 matches found
CVE-2026-31404 NFSD: Defer sub-object cleanup in export put callbacks
In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svcexportput calls pathput and authdomainput immediately when the last reference drops, before the RCU grace period. RCU readers in eshow and cshow access both expath via...
PT-2026-30187
In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svc export put calls path put and auth domain put immediately when the last reference drops, before the RCU grace period. RCU readers in e show and c show access both ex path...
kernel: iommufd: Fix race during abort for file descriptors
A flaw was found in the Linux kernel such that the IOMMU file-descriptor subsystem, when aborting the allocation of a new object before installing the file descriptor, the code calls fput on the file and then immediately frees the associated object kfree, but the object is still referenced by the...
kernel: iommufd: Fix race during abort for file descriptors
A flaw was found in the Linux kernel such that the IOMMU file-descriptor subsystem, when aborting the allocation of a new object before installing the file descriptor, the code calls fput on the file and then immediately frees the associated object kfree, but the object is still referenced by the...
kernel: iommufd: Fix race during abort for file descriptors
A flaw was found in the Linux kernel such that the IOMMU file-descriptor subsystem, when aborting the allocation of a new object before installing the file descriptor, the code calls fput on the file and then immediately frees the associated object kfree, but the object is still referenced by the...
kernel: iommufd: Fix race during abort for file descriptors
A flaw was found in the Linux kernel such that the IOMMU file-descriptor subsystem, when aborting the allocation of a new object before installing the file descriptor, the code calls fput on the file and then immediately frees the associated object kfree, but the object is still referenced by the...