54 matches found
EUVD-2026-27795
In the Linux kernel, the following vulnerability has been resolved: net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets When the FarSync T-series card is being detached, the fst_card_info is deallocated in fst_remove_one(). However, the fst_tx_task or fst_int_task may still be running ...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: comedi: fix race between polling and detaching syzbot reports a use-after-free in comedi in the below link, which is due to comedi gladly removing the allocated async area even though poll requests are still active on the...
CVE-2025-68214
In the Linux kernel, the following vulnerability has been resolved: timers: Fix NULL function pointer race in timer_shutdown_sync() There is a race condition between timer_shutdown_sync() and timer expiration that can lead to hitting a WARN_ON() in expire_timers(). The issue occurs when timer_shutdown_sync() clear...
CVE-2025-68214
Summary (CVE-2025-68214): The Linux kernel timer subsystem had a race between timer_shutdown_sync() and timer_expire() that could trigger a WARN_ON_ONCE when a timer’s function pointer was cleared to NULL while the timer was still running. The root cause: timer_shutdown_sync() could detach the ti...
kernel: workqueue: Put the pwq after detaching the rescuer from the pool
A vulnerability was found in the Linux kernel's work queue subsystem, which manages background task execution. The issue stems from improper handling of the "rescuer" thread during the cleanup of unbound work queues...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990350)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990350 advisory. In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called...
EUVD-2025-26782
Malicious code in bioql PyPI...
EUVD-2023-59865
Malicious code in bioql PyPI...
SUSE CVE-2023-53219
In the Linux kernel, the following vulnerability has been resolved: media: netup_unidvb: fix use-after-free at del_timer() When Universal DVB card is detaching, netup_unidvb_dma_fini() uses del_timer() to stop dma-timeout timer. But when timer handler netup_unidvb_dma_timeout() is running, del_timer() could not stop...
CVE-2023-53219
CVE-2023-53219 affects the Linux kernel media: netup_unidvb code, where detaching a Universal DVB card could lead to a use-after-free because del_timer() could not stop an active timer in netup_unidvb_dma_timeout() while the timer runs. The fix replaces del_timer() with del_timer_sync() to ensure...
CVE-2023-53219 media: netup_unidvb: fix use-after-free at del_timer()
In the Linux kernel, the following vulnerability has been resolved: media: netup_unidvb: fix use-after-free at del_timer() When Universal DVB card is detaching, netup_unidvb_dma_fini() uses del_timer() to stop dma-timeout timer. But when timer handler netup_unidvb_dma_timeout() is running, del_timer() could not stop...
PT-2025-37660
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a use-after-free issue within the netup unidvb driver when a Universal DVB card is detached. Specifically, the del timer function may not successfully stop th...
comedi: fix race between polling and detaching
...
Linux Distros Unpatched Vulnerability : CVE-2025-38687
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: fix race between polling and detaching syzbot reports a use-after-free in comedi in the below link, which is due to comedi gladly removing the allocated...
SUSE CVE-2025-38687
In the Linux kernel, the following vulnerability has been resolved: comedi: fix race between polling and detaching syzbot reports a use-after-free in comedi in the below link, which is due to comedi gladly removing the allocated async area even though poll requests are still active on the...
CVE-2025-38687 comedi: fix race between polling and detaching
In the Linux kernel, the following vulnerability has been resolved: comedi: fix race between polling and detaching syzbot reports a use-after-free in comedi in the below link, which is due to comedi gladly removing the allocated async area even though poll requests are still active on the...
CVE-2025-38687
CVE-2025-38687 involves a race in the Linux kernel’s comedi subsystem where detaching a device can free the wait_queue_head before active poll entries are finished, causing a use-after-free. The fix adds synchronization in COMEDI_DEVCONFIG by unblocking in the detach path and applying a write loc...
workqueue: Put the pwq after detaching the rescuer from the pool
...
CVE-2025-21017
Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory...