EUVD-2026-38968

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix deadlock in remain-on-channel mt76remainonchannel and mt76roccomplete call mt76setchannel while already holding dev-mutex. Since mt76setchannel also acquires dev-mutex, this results in a deadlock. Use mt76setchann...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fixed use-after-free bugs in otx2synctstamp. The original code relies on canceldelayedwork in otx2ptpDestroy, which does not ensure that the delayed work item synctstampwork has fully completed if it was already...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: libceph: fixed a race condition between delayedwork and cephmoncstop The way delayed work is handled in cephmoncstop is prone to races with monfault, and possibly also finishhunting. Both of these can requeue the delayed work,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: mcp-2221 – prevented UAF in delayed work. If the device is plugged/unplugged without giving time for mcpinitwork to complete, we might trigger the devm free code path, resulting in an unavailable struct mcp2221 during delaye...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a deadlock in l2capconndel. The l2capconndel function calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the functions l2capinfotimeout and...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bridge: cfm: Fixed a race condition in the peermep deletion process. When a peer MEP is being deleted, the canceldelayedworksync function is called on ccmrxdwork before freeing the object. However, brcfmframerx runs in a softirq...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: micrel: Fixed the issue of receiving the timestamp in the frame for lan8841. The related commit began using the ptp workqueue to retrieve the second part of the timestamp. When the port is disabled, this workqueue is stopped...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Thunderbolt: Fixed a use-after-free in tbdpdprxwork. The original code relied on canceldelayedwork in tbdpdprxstop, which does not ensure that the delayed work item tunnel-dprxwork has fully completed if it was already running...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec-work The delayed work uec-work is scheduled in gaokunucsiprobe but never properly canceled in gaokunucsiremove. This creates use-after-free scenarios where the ucsi and gaokunucs...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Use hdev-workqueue when scheduling hdev-cmd,ncmdtimer works. syzbot reports that an attempt is made to schedule hdev-cmdwork from systemwq to hdev-workqueue WQ, which is currently in a draining operation 1. Commit...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Added missing delayed work cancellation for headset status. The call to canceldelayedworksync was missed, resulting in a use-after-free in corsairvoidremove...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cnic: Fixed use-after-free bugs in cnicdeletetask. The original code used canceldelayedwork in cniccmstopbnx2xHW, which does not guarantee that the delayed work item “deletetask” has fully completed if it was already running...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/smc: fixed a deadlock caused by canceldelayedworksyn The following LOCKDEP was detected: Workqueue: events smclgrfreework smc WARNING: a circular locking dependency was detected...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: b2c2: Fix for a use-after-free caused by irqcheckwork in flexcoppciremove. The original code uses canceldelayedwork in flexcoppci Remove, which does not guarantee that the delayed task irqcheckwork has fully completed if i...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fixed the issue where work was rescheduled after cancellation in xfrmnatkeepalivenetfini. After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes the remaining states via xfrmstatedelete,...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: rds: Do not hold the sock lock when canceling work from rdstcpresetcallbacks. The syzbot is reporting a lockdep warning at rdstcpresetcallbacks, for the commit ac3615e7f3cffe2a “RDS: TCP: Reduce code duplication in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Media: Tuner: xc5000: Fixed a use-after-free in xc5000release. The original code used canceldelayedwork in xc5000release, which does not guarantee that the delayed work item timersleep has fully completed if it was already runnin...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Cancel dqisyncwork before freeing oinfo. The ocfs2globalreadinfo function will initialize and schedule dqisyncwork at the end. If an error occurs after successfully reading the global quota, the following warning will be...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a slab-use-after-free issue in hdcpwork Why A slab-use-after-free issue was reported when HDCP was destroyed, but the propertyvalidatedwork queue was still running. How The delayed work was canceled when th...

SUSE CVE-2026-46202

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: run inactivity autodim from workqueues The autodim code in hid-appletb-kbd takes backlightdevice-opslock via backlightdevicesetbrightness - mutexlock from two different atomic contexts: appletbinactivitytimer is...