CVE-2026-43064 dmaengine: idxd: Fix not releasing workqueue on .release()

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release The workqueue associated with an DSA/IAA device is not released when the object is freed...

SUSE CVE-2026-31508

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasing netdev before teardown completes The patch cited in the Fixes tag below changed the teardown code for OVS ports to no longer unconditionally take the RTNL. After this change, the netdevdestroy...

EUVD-2023-59999

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAXLEN + 1. If a string is actually MAXLEN + 1 length, this wil...

SUSE CVE-2023-53609

In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: core: Do not increase scsidevice's iorequestcnt if dispatch failed" The "atomicinc&cmd-device-iorequestcnt" in scsiqueuerq would cause kernel panic because cmd-device may be freed after returning from...

CVE-2023-53609 scsi: Revert "scsi: core: Do not increase scsi_device's iorequest_cnt if dispatch failed"

In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: core: Do not increase scsidevice's iorequestcnt if dispatch failed" The "atomicinc&cmd-device-iorequestcnt" in scsiqueuerq would cause kernel panic because cmd-device may be freed after returning from...

CVE-2023-53609

CVE-2023-53609 affects Linux kernel’s SCSI subsystem. The vulnerability stems from atomic_inc(&cmd->device->iorequest_cnt) in scsi_queue_rq(), which could access a freed scsi_device after scsi_dispatch_cmd() returns, risking kernel panic. The patch reverts the changes introduced by commit c...

CVE-2023-53609 scsi: Revert "scsi: core: Do not increase scsi_device's iorequest_cnt if dispatch failed"

In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: core: Do not increase scsidevice's iorequestcnt if dispatch failed" The "atomicinc&cmd-device-iorequestcnt" in scsiqueuerq would cause kernel panic because cmd-device may be freed after returning from...

CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Disable works on hciunregisterdev This make use of disablework on hciunregisterdev since the hcidev is about to be freed new submissions are not disarable...

PT-2025-3576

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-rc3-syzkaller-00399-g9197b73fd7bb Description A slab-use-after-free issue has been identified in the Linux kernel, specifically in the RDMA/rxe component. This problem occurs when the event ib cache event...

PT-2024-33787

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically in the net/ncsi component. The issue arises when the work function is not disabled before freeing the associated...

kernel: net: ti: fix UAF in tlan_remove_one

A vulnerability was found in the Linux kernel's TI TLAN driver, where the tlanremoveone function can lead to a use-after-free issue when the driver attempts to access private data after the network device has already been freed, potentially causing system instability or crash...