EUVD-2024-51896

Malicious code in bioql PyPI...

PT-2025-34560

🍏 AppleDevelopers use NSFileManager thinking it’s safe — but @patch1t found a race condition once thought “impossible to exploit.” At NullconBerlin2025, he’ll show how it works, why CVE-2024-54566 failed, and Apple’s final fix. 👉 https://t.co/aygSUbH82F iOS applesecurity https://t.co/NUj3VSLGya...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_6

This update for kernel-livepatch-MICRO-6-0-RTUpdate6 fixes the following issues: CVE-2025-22115: btrfs: fix block group refcount race in btrfscreatependingblockgroups bsc1241579 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

CVE-2025-38492

In CVE-2025-38492, the Linux kernel netfs subsystem exposes a race between cache write completion and NETFS_RREQ_ALL_QUEUED being set. When netfslib spawns subrequests (e.g., copy2cache used by Ceph) that finish asynchronously, the collector can be blocked if ALL_QUEUED is set after subrequests a...

CVE-2025-38492 netfs: Fix race between cache write completion and ALL_QUEUED being set

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix race between cache write completion and ALLQUEUED being set When netfslib is issuing subrequests, the subrequests start processing immediately and may complete before we reach the end of the issuing function. At the en...

CVE-2025-38352 posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel If an exiting non-autoreaping task has already passed exitnotify and calls handleposixcputimers from IRQ, it can be reaped by its parent or debugger rig...

CVE-2025-37930

CVE-2025-37930 affects Linux kernels containing the drm/nouveau fix for WARN_ON in nouveau_fence_context_kill(). The issue arises because nouveau_fence_done() can signal fences, leaving signaled fences in the pending list, and a concurrent call to nouveau_fence_context_kill() could attempt to set...

CVE-2025-37906 ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd

In the Linux kernel, the following vulnerability has been resolved: ublk: fix race between iouringcmdcompleteintask and ublkcancelcmd ublkcancelcmd calls iouringcmddone to complete uringcmd, but we may have scheduled task work via iouringcmdcompleteintask for dispatching request, then kernel cras...

RLSA-2025:0065 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: i40e: fix race condition by adding filter's intermediate sync state CVE-2024-53088 kernel: mptcp: cope racing subflow creation in mptcprcvspaceadjust CVE-2024-53122 For more details about...

CVE-2024-49855

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbdrequeuecmd, normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix t...

CVE-2024-47689

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to don't set SBRDONLY in f2fshandlecriticalerror syzbot reports a f2fs bug as below: ------------ cut here ------------ WARNING: CPU: 1 PID: 58 at kernel/rcu/sync.c:177 rcusyncdtor+0xcd/0x180 kernel/rcu/sync.c:177 CPU: ...

CVE-2024-46734 btrfs: fix race between direct IO write and fsync when using same fd

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd If we have 2 threads that are using the same file descriptor and one of them is doing direct IO writes while the other is doing fsync, we have a race where we c...

CVE-2022-48784 cfg80211: fix race in netlink owner interface destruction

In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix race in netlink owner interface destruction My previous fix here to fix the deadlock left a race where the exact same deadlock see the original commit referenced below can still happen if cfg80211destroyifaces alrea...

CVE-2024-39501

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2022-48759

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsgctrldev and cdev struct rpmsgctrldev contains a struct cdev. The current code frees the rpmsgctrldev struct in rpmsgctrldevreleasedevice, but the cdev is a managed object, therefo...

SUSE SLES12 Security Update : kernel (Live Patch 43 for SLE 12 SP5) (SUSE-SU-2024:1686-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1686-1 advisory. - In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-macheader If an AFPACKE...

CVE-2021-46982

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix race condition of overwrite vs truncate posfsstress testcase complains a panic as belew: ------------ cut here ------------ kernel BUG at fs/f2fs/compress.c:1082! invalid opcode: 0000 1 SMP PTI CPU: 4 PID:...

GSD-2023-1002169 USB: gadgetfs: Fix race between mounting and unmounting

USB: gadgetfs: Fix race between mounting and unmounting This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.165 by commit...

GSD-2023-1001736 USB: gadgetfs: Fix race between mounting and unmounting

USB: gadgetfs: Fix race between mounting and unmounting This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.90 by commit...

GSD-2023-1000145 net: mana: Fix race on per-CQ variable napi work_done

net: mana: Fix race on per-CQ variable napi workdone This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.83 by commit...