6 matches found
CVE-2026-31404 NFSD: Defer sub-object cleanup in export put callbacks
In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svcexportput calls pathput and authdomainput immediately when the last reference drops, before the RCU grace period. RCU readers in eshow and cshow access both expath via...
PT-2026-30187
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the NFS daemon NFSD related to the handling of sub-object cleanup during export release. Specifically, the svc export put function calls path put...
kernel: iommufd: Fix race during abort for file descriptors
A flaw was found in the Linux kernel such that the IOMMU file-descriptor subsystem, when aborting the allocation of a new object before installing the file descriptor, the code calls fput on the file and then immediately frees the associated object kfree, but the object is still referenced by the...
kernel: iommufd: Fix race during abort for file descriptors
A flaw was found in the Linux kernel such that the IOMMU file-descriptor subsystem, when aborting the allocation of a new object before installing the file descriptor, the code calls fput on the file and then immediately frees the associated object kfree, but the object is still referenced by the...
kernel: iommufd: Fix race during abort for file descriptors
A flaw was found in the Linux kernel such that the IOMMU file-descriptor subsystem, when aborting the allocation of a new object before installing the file descriptor, the code calls fput on the file and then immediately frees the associated object kfree, but the object is still referenced by the...
kernel: iommufd: Fix race during abort for file descriptors
A flaw was found in the Linux kernel such that the IOMMU file-descriptor subsystem, when aborting the allocation of a new object before installing the file descriptor, the code calls fput on the file and then immediately frees the associated object kfree, but the object is still referenced by the...