229 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53118
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vdpa: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: devioctl: Must take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: phylink: Added a lock to serialize concurrent writes to pl-phydev using phylinkresolve. Currently, phylinkresolve protects itself against concurrent calls to phylinkbringupPhyio or phylinkdisconnectPhyio that modify pl-phyde...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fixed a deadlock in the usbdeauthorizeinterface function. Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interfaceauthorizedstore function is the only one that acquires a device lock on an...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fixed a deadlock between nfcunregisterdevice and rfkillfopwrite. A deadlock can occur between nfcunregisterdevice and rfkillfopwrite due to the inverted lock order between devicelock and rfkillglobalmutex. The problemat...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: macsec: sync features on RTMNEWLINK Syzkaller was able to lock the lower device via ETHTOOLSFEATURES: - netdevlock, include/linux/netdevice.h: 2761 inline - netdevops, include/net/netdevlock.h: 42 inline -...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: USB: core: Fixed a race condition by not overwriting udev-descriptor in hubportinit. Syzbot reported an out-of-bounds read in sysfs.c:readdescriptors: BUG: KASAN: Out-of-bounds reading in readdescriptors+0x263/0x280,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Added locks for usbdriverclaiminterface The documentation for usbdriverclaiminterface states that “the device lock” is required when this function is called from locations other than probe. This seems ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: hsr: It is necessary to hold the rcu lock and dev lock during the execution of hsrgetportndev. The hsrgetportndev function calls hsrforeachport, which requires holding the rcu lock. On the other hand, before returning the port...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dlm: Fix for invalid read operations This patch addresses an invalid read operation shown by KASAN. An unlock operation allocates an instance of struct plockop, and a subsequent sendop call appends it to a global sendlist data...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: vlan: do not propagate flags on open With the device instance lock, there is now a possibility of a deadlock: 1.211455=========================================== 1.211571WARNING: possible recursive locking detected...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sfc: fixed a deadlock in the RSS config read operation. Since the referenced commit, core locked the rsslock of netdevice when handling the ethtool -x command. Therefore, the driver’s implementation should no longer lock it. Remo...
CVE-2026-0092
In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0092
The CVE-2026-0092 entry is tied to the Android Package Manager and describes a device lock controller bypass caused by a missing permission check. The underlying issue enables local escalation of privilege with no extra execution privileges and requires no user interaction. The impact is describe...
PT-2026-50236
Name of the Vulnerable Software and Affected Versions Package Manager affected versions not specified Description A missing permission check in Package Manager allows for a device lock controller bypass. This issue enables local escalation of privilege without requiring additional execution...
CVE-2026-46111
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...
CVE-2026-46111
The CVE concerns a use-after-free in the Linux kernel Bluetooth stack (hci_conn, BIG creation). The patch adds hci_conn_valid() in create_big_sync() to detect stale connections before BIG creation, handles -ECANCELED in create_big_complete(), and re-validates under hci_dev_lock() before dereferen...
CVE-2026-46056
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in SSP passkey handlers hciconn lookup and field access must be covered by hdev lock in hciuserpasskeynotifyevt and hcikeypressnotifyevt, otherwise the connection can be freed concurrently...
PT-2026-43923
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Bluetooth component of the Linux kernel within the SSP passkey handlers. The hci conn lookup and field access in the hci user passkey notify evt and...
SUSE CVE-2025-71274
In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driveroverrideshow and use core helper The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function modifies and frees the string while holdi...