CVE-2026-53117

A flaw was found in the Linux kernel, specifically within the s390/cio component. When a driver is being probed, a race condition can occur where the driveroverride field is accessed without proper locking. This can lead to a Use-After-Free UAF vulnerability, which may result in system instabilit...

CVE-2026-53115

A flaw was found in the Linux kernel's fsl-mc bus driver. During the driver probing process, a Use-After-Free UAF vulnerability can occur because the match callback accesses the driveroverride field without proper locking. This can lead to system instability or potentially allow an attacker to...

CVE-2026-53118

A flaw was found in the Linux kernel's vdpa driver. This vulnerability occurs because a specific field, driveroverride, is accessed without proper locking during the driver's initialization process. An attacker could exploit this Use-After-Free UAF condition to potentially execute arbitrary code ...

EUVD-2026-38988

In the Linux kernel, the following vulnerability has been resolved: PCI: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause ...

EUVD-2026-38986

In the Linux kernel, the following vulnerability has been resolved: vdpa: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause...

EUVD-2026-38987

In the Linux kernel, the following vulnerability has been resolved: platform/wmi: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which c...

CVE-2026-53119

Summary: CVE-2026-53119 affects the Linux kernel in platform/wmi code. The issue occurs when a driver is probed via __driver_attach(): the bus’ match() callback is invoked without the device lock held, allowing access to the driver_override field without proper synchronization, which can cause a ...

CVE-2026-53117

The CVE-2026-53117 issue affects the Linux kernel (s390/cio). During driver probing in __driver_attach(), the bus match() callback can access the driver_override field without the required device lock, creating a potential use-after-free. The fix switches to the driver-core driver_override infras...

EUVD-2026-38984

In the Linux kernel, the following vulnerability has been resolved: s390/ap: use generic driveroverride infrastructure When the AP masks are updated via apmaskstore or aqmaskstore, apbusrevisebindings is called after apattrmutex has been released. This calls aprevisereserved, which accesses the...

EUVD-2026-38983

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which ca...

CVE-2026-53116

CVE-2026-53116 affects the Linux kernel s390/ap subsystem. The vulnerability arises when AP masks are updated via apmask_store() or aqmask_store(): ap_bus_revise_bindings() runs after ap_attr_mutex is released and __ap_revise_reserved() accesses driver_override without a lock, racing with driver_...

OESA-2026-2415 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the devi...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driveroverride when rpmsgremove Free driveroverride when rpmsgremove. Otherwise, the following memory leak will occur: Unreferenced object 0xffff0000d55d7080 size 128: Comm "kworker/u8:2", pid 56, jiffies...

SUSE CVE-2025-71274

In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driveroverrideshow and use core helper The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function modifies and frees the string while holdi...

CVE-2025-71274

A flaw was found in the Linux kernel's rpmsg core. A race condition exists between the driveroverrideshow and driveroverridestore functions. This allows the driveroverride string to be freed while it is still being read, leading to a use-after-free vulnerability. This could potentially result in...

EUVD-2025-209674

In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driveroverrideshow and use core helper The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function modifies and frees the string while holdi...

CVE-2025-71274

In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driveroverrideshow and use core helper The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function modifies and frees the string while holdi...

CVE-2025-71274

In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driveroverrideshow and use core helper The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function modifies and frees the string while holdi...

CVE-2025-71274

CVE-2025-71274 concerns the Linux kernel rpmsg core. A race existed between driver_override_show() and driver_override_store(): the show path read the driver_override string without holding the device_lock, while the store path modified and freed it while the lock was held, enabling a use-after-f...

CVE-2025-71274 rpmsg: core: fix race in driver_override_show() and use core helper

In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driveroverrideshow and use core helper The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function modifies and frees the string while holdi...