EUVD-2026-38839

In the Linux kernel, the following vulnerability has been resolved: net: ena: PHC: Fix potential use-after-free in gettimestamp Move the phc-active check and resp pointer assignment to after acquiring the spinlock. Previously, phc-active was checked without holding the lock, and resp was cached...

EUVD-2026-38700

In the Linux kernel, the following vulnerability has been resolved: ipc/shm: serialize orphan cleanup with shmnattch updates shmdestroyorphaned walks the shm idr under shmidsns.rwsem, but that does not serialize all fields tested by shmmaydestroy. In particular, shmnattch is updated while holding...

CVE-2026-52930

The CVE concerns the Linux kernel’s shared memory (ipc/shm) subsystem, specifically the orphan cleanup path. The vulnerability arises because shm_destroy_orphaned() traverses shm IDs under shm_ids(ns).rwsem but shm_nattch can be updated while holding shm_perm.lock, and attach paths may modify it ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: perf: Ensure that the swevent hrtimer is properly destroyed. With the change to hrtimertrytocancel in perfswevent Cancelhrtimer, it appears possible for the hrtimer to still be active by the time the event is freed. Make sure tha...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: tee, amdtee: fixed the use-after-free vulnerability in amdteeclosesession. There is a potential race condition in amdteeclosesession that may cause a use-after-free in amdteeopenSession. For example, if a session has a referen...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed error handling in kfdprocessdeviceinitvm It is necessary to only destroy the ibmem and let the process cleanup worker free the outstanding BOs. Reset the pointer in the pdd-qpd structure to avoid NULL pointer...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fixed use-after-free bugs in otx2synctstamp. The original code relies on canceldelayedwork in otx2ptpDestroy, which does not ensure that the delayed work item synctstampwork has fully completed if it was already...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: gtp: Fixed a use-after-free in gtpencapdestroy. syzkaller reported a use-after-free in gtpencapdestroy. The same process freed “sk” and accessed it illegally. The commit e198987e7dd7 “gtp: fix suspicious RCU usage” added...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - dm clone: Fixed a UAF Use-after-Free in clonedtr. - Dmclone also has the same UAF issue when dmresume and dmdestroy are executed concurrently. Therefore, the timer is canceled again in clonedtr...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm/slabcommon: The corruption of the slabcaches list after kmemcacheDestroy has been fixed. After the commit in “Fixes”, if a module that creates a slab cache does not release all of its allocated objects before destroying the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clsact: Fixed a use-after-free issue in the init/destroy rollback asymmetry. A use-after-free occurred when initializing or destroying a clsact instance during the rollback process. This issue was addressed by first fully...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cgroup: Split cgroupdestroywq into 3 workqueues A hang can occur during 1 LTP cgroup testing when repeatedly mounting/unmounting perfevent and netprio controllers with systemd.unifiedcgrouphierarchy=1. The hang manifests in...

Astra Linux – Vulnerability in Linux

A race condition in Linux kernel SCTP sockets net/sctp/socket.c before version 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If the sctpdestroysock function is called without using the socknetsk-sctp.addrwqlock lock, an element...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fixed a UAF in runtimersoftirq When dmresume and dmdestroy are executed concurrently, it will lead to a UAF, as follows: Bug: KASAN: Use-after-free in runtimers+0x173/0x710 A 8-byte value is written to the address...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fixed the issue with rcudereferenceprotected. When destroying all sets, we are either in the pernetexit phase or executing a “destroy all sets” command from user space. The latter was taken into account in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Thermal: Core – The putdevice function should only be called after deviceregister fails. putdevice should not be called before a previous call to deviceregister. thermalcoolingdeviceregister does not follow this principle...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: xdp: fixed an invalid wait context in pagepoolDestroy If the driver uses a page pool, it creates a page pool using pagepoolcreate. The reference count of the page pool is 1 by default. A page pool will only be destroyed when its...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: Fixed the memory leak associated with xarray nodes. If the xassplitalloc function fails to allocate the necessary nodes to complete the xarray entry splitting, it sets the xastate to -ENOMEM. This is then interpret...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fixed the issue of leaking the multicast GID table reference. If the CM ID is destroyed while the CM event for multicast creation is still queued, the cancelworksync function will prevent the work from running. This also...

Siemens RUGGEDCOM RST2428P Improper Update of Reference Count (CVE-2025-40251)

In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devlratenodesdestroy The function devlratenodesdestroy is documented to Unset parent for all rate objects. However, it was only calling the driver-specific rateleafparentset or...