Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: vhosttask: Handles SIGKILL by flushing work and exiting. Instead of lingering until the device is closed, this resolves the issue by handling SIGKILL as follows: 1. Marking the worker as killed, so we no longer attempt to use it...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Net: Bridge: mcast: Wait for previous GC cycles when removing a port The syzbot encountered a use-after-free issue1. This issue occurs because the bridge does not ensure that all previous garbage collection cycles are completed...

SUSE CVE-2026-43275

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFSPMLVL0. When the RPM...

CVE-2026-43275

In the Linux kernel, a race condition in the UFS core driver can occur during system suspend when Runtime Power Management (RPM) level is zero. The driver previously bypassed flushing the exception-event handling work in this state, risking illegal host-controller access after entering deep power...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: rcu-tasks: Fixed a race condition in the schedule function and the flush work operation. When booting secondary CPUs, cpusreadlock/unlock does not keep the online cpumask stable. This temporary online mask results in the...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nvme-tcp: fixed a possible use-after-free issue in the transport errorrecovery mechanism. While nvmetcpsubmitasynceventwork checks the ctrl and queue states before preparing the AER command and scheduling iowork, this check is...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal devicedel can lead to new work being scheduled in gadget-work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: devicedel...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: dm cache: Fixed the issue where uninitialized delayedwork objects were flushed during a cachectr error. An unexpected WARN message may occur when cache creation fails, caused by destroying the uninitialized delayedwork object ...

CVE-2026-31557

In the Linux kernel, the following vulnerability has been resolved: nvmet: move async event work off nvmet-wq For target nvmetctrlfree flushes ctrl-asynceventwork. If nvmetctrlfree runs on nvmet-wq, the flush re-enters workqueue completion for the same worker:- A. Async event work queued on...

SUSE CVE-2026-23452

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

EUVD-2026-18704

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

CVE-2026-23452

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

UBUNTU-CVE-2026-23452

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

CVE-2026-23452

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

CVE-2026-23452 PM: runtime: Fix a race condition related to device removal

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

CVE-2026-23452

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

CVE-2026-23452

CVE-2026-23452 refers to a race condition in the Linux kernel PM: runtime code during device removal. The root cause described is the potential dereference of the parent device pointer (parent->power) after the parent is freed within pm_runtime_work(), which could lead to a use-after-free scen...

PT-2026-30147

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pm runtime work may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if pare...

CVE-2025-40256 xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added

In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added In commit b441cf3f8c4b "xfrm: delete x-tunnel as we delete x", I missed the case where state creation fails between full initialization...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989654 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix race in schedule and flush work While booting secondary CPUs, cpusreadlock/unlock ...