Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/smc: fixed a deadlock caused by canceldelayedworksyn The following LOCKDEP was detected: Workqueue: events smclgrfreework smc WARNING: a circular locking dependency was detected...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a deadlock in l2capconndel. The l2capconndel function calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the functions l2capinfotimeout and...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Lag, fix failure to cancel delayed bond work The commit 0d4e8ed139d8 “net/mlx5: Lag, avoid lockdep warnings” accidentally removed a call to cancel delayed bond work. This may cause queued delays to expire and affect wor...

UBUNTU-CVE-2026-43382

In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...

CVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock in l2capconndel l2capconndel calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the work functions l2capinfotimeout and l2capconnupdateidaddr both acqui...

Linux Distros Unpatched Vulnerability : CVE-2026-31499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix deadlock in l2capconndel l2capconndel calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007593)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007593 advisory. In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rdstcpresetcallbacks syzbot is reporting...

Linux Distros Unpatched Vulnerability : CVE-2026-23393

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bridge: cfm: Fix race condition in peermep deletion When a peer MEP is being deleted, canceldelayedworksync is called on ccmrxdwork before freeing. However,...

Linux Distros Unpatched Vulnerability : CVE-2026-23240

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tls: Fix race condition in tlsswcancelworktx This issue was discovered during a code audit. After canceldelayedworksync is called from tlsskprotoclose,...

CVE-2026-23240

In CVE-2026-23240, the Linux kernel fixed a race condition in TLS handling where cancel_delayed_work_sync() used during tls_sk_proto_close() could allow tls_sw_cancel_work_tx() to schedule tx_work_handler() after the TLS object was freed. The root cause involved potential scheduling from paths li...

CVE-2025-68781 usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal

In the Linux kernel, the following vulnerability has been resolved: usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal The delayed work item otgevent is initialized in fslotgconf and scheduled under two conditions: 1. When a host controller binds to the OTG controller. 2...

UBUNTU-CVE-2023-54079

In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx: Fix pollinterval handling and races on remove Before this patch bq27xxxbatteryteardown was setting pollinterval = 0 to avoid bq27xxxbatteryupdate requeuing the delayedwork item. There are 2 problems with...

CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work

In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'immtq' is initialized in immattach and scheduled via immqueuecommand for processing SCSI commands. When the IMM parallel port SCSI host...

CVE-2022-50676 net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()

In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rdstcpresetcallbacks syzbot is reporting lockdep warning at rdstcpresetcallbacks 1, for commit ac3615e7f3cffe2a "RDS: TCP: Reduce code duplication in rdstcpresetcallbacks"...

PT-2026-2513

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the USB PHY driver for Freescale fsl-usb within the Linux kernel. The vulnerability occurs due to a race condition during device removal where a delayed...

SUSE CVE-2025-40001

In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvsworkqueue During the detaching of Marvell's SAS/SATA controller, the original code calls canceldelayedwork in mvsfree to cancel the delayed work item mwq-workq. However, if mwq-workq is...

CVE-2025-40003

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls canceldelayedwork in ocelotstatsdeinit to cancel the cyclic delayed work item ocelot-statswork. However, canceldelayedwork may fail to canc...

CVE-2025-40001 scsi: mvsas: Fix use-after-free bugs in mvs_work_queue

In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvsworkqueue During the detaching of Marvell's SAS/SATA controller, the original code calls canceldelayedwork in mvsfree to cancel the delayed work item mwq-workq. However, if mwq-workq is...

OESA-2025-2467 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Use disabledelayedworksync This makes use of disabledelayedworksync instead canceldelayedworksync as it not only cancel the ongoing work but...

EUVD-2022-55550

Malicious code in bioql PyPI...