232 matches found
PT-2026-2600
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock situation can occur between nfc unregister device and rfkill fop write functions due to an inversion of lock ordering between device lock and rfkill global mutex. Specifically...
kernel: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver
A flaw was found in the Linux kernel’s phylink subsystem: when phylinkresolve executes while pl-statemutex is held, it may acquire pl-phydev-lock out of order relative to other paths phylinkbringupphy or phylinkdisconnectphy that acquire pl-phydev-lock prior to pl-statemutex. This lock inversion...
PT-2026-20447
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The driver override show function in the Linux kernel can experience a use-after-free condition. This occurs because the function reads the driver override string without acquiring the...
SUSE CVE-2023-54164
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix isoconn related locking and validity issues sk-skstate indicates whether isopisk-conn is valid. Operations that check/update skstate and access conn should hold locksock, otherwise they can race. The order of...
SUSE CVE-2023-54324
In the Linux kernel, the following vulnerability has been resolved: dm: fix a race condition in retrievedeps There's a race condition in the multipath target when retrievedeps races with multipathmessage calling dmgetdevice and dmputdevice. retrievedeps walks the list of open devices without...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992930)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992930 advisory. In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential deadlock in driverattach In driverattach function, There are also AA...
CVE-2023-54164
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix isoconn related locking and validity issues sk-skstate indicates whether isopisk-conn is valid. Operations that check/update skstate and access conn should hold locksock, otherwise they can race. The order of...
EUVD-2025-203775
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmtpending before write iter sends the cmd, just as...
CVE-2025-68310
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Do not block PCI config accesses through pcicfgaccesslock when executing the s390 variant of PCI error recovery: Acquire just devicelock instead of pcidevlock as...
CVE-2025-68310
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Do not block PCI config accesses through pcicfgaccesslock when executing the s390 variant of PCI error recovery: Acquire just devicelock instead of pcidevlock as...
UBUNTU-CVE-2025-68310
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Do not block PCI config accesses through pcicfgaccesslock when executing the s390 variant of PCI error recovery: Acquire just devicelock instead of pcidevlock as...
UBUNTU-CVE-2025-68305
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmtpending before write iter sends the cmd, just as...
CVE-2025-68310
CVE-2025-68310 : Linux kernel fix for a deadlock between PCI error recovery and mlx5 crdump on s390. The patch avoids blocking PCI config accesses by PCI error recovery code by acquiring only device_lock() (not pci_dev_lock()), preventing hangs in mlx5_health_unload and crdump collection when PCI...
CVE-2025-68305 Bluetooth: hci_sock: Prevent race in socket write iter and sock bind
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmtpending before write iter sends the cmd, just as...
Linux Distros Unpatched Vulnerability : CVE-2025-68194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: imon: make sendpacket more robust syzbot is reporting that imon has three problems which result in hung tasks due to forever holding device lock 1. First...
kernel: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue
A flaw was discovered in the Bluetooth subsystem of the Linux kernel. When processing a HCIEVNUMCOMPPKTS event, the function hciconntxdequeue did not properly hold or release the hdev device lock, which may lead to a use-after-free of the connection structure...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989312)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989312 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid pcidevlock AB/BA deadlock with sriovnumvfsstore The sysfs sriovnumvfsstore path acquir...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989948)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989948 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid pcidevlock AB/BA deadlock with sriovnumvfsstore The sysfs sriovnumvfsstore path acquir...
CVE-2025-43460
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information...
EUVD-2025-31843
A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing manipulation of the argument ID results in cross site scripting. It is...