Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: Wait for previous GC cycles when removing a port. The syzbot encountered a use-after-free issue1. This issue occurs because the bridge does not ensure that all previous garbage collection cycles are completed...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: rcu-tasks: Fixed a race condition in the schedule function and the flush work operation. When booting secondary CPUs, cpusreadlock/unlock does not keep the online cpumask stable. This temporary change in the online mask result...

SUSE CVE-2026-43275

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFSPMLVL0. When the RPM...

CVE-2026-43275

In the Linux kernel, a race condition in the UFS core driver can occur during system suspend when Runtime Power Management (RPM) level is zero. The driver previously bypassed flushing the exception-event handling work in this state, risking illegal host-controller access after entering deep power...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: vhosttask: Handles SIGKILL by flushing work and exiting. Instead of lingering until the device is closed, this resolves the issue by handling SIGKILL as follows: 1. Marking the worker as killed, so we no longer attempt to use it...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nvme-tcp: fixed a possible use-after-free issue in the transport errorrecovery process. While nvmetcpsubmitasynceventwork checks the ctrl and queue states before preparing the AER command and scheduling iowork, this check is...

CVE-2026-31557

In the Linux kernel, the following vulnerability has been resolved: nvmet: move async event work off nvmet-wq For target nvmetctrlfree flushes ctrl-asynceventwork. If nvmetctrlfree runs on nvmet-wq, the flush re-enters workqueue completion for the same worker:- A. Async event work queued on...

SUSE CVE-2026-23452

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

EUVD-2026-18704

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

CVE-2026-23452

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

CVE-2026-23452

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

UBUNTU-CVE-2026-23452

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

CVE-2026-23452

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

CVE-2026-23452 PM: runtime: Fix a race condition related to device removal

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...

CVE-2026-23452

CVE-2026-23452 refers to a race condition in the Linux kernel PM: runtime code during device removal. The root cause described is the potential dereference of the parent device pointer (parent->power) after the parent is freed within pm_runtime_work(), which could lead to a use-after-free scen...

PT-2026-30147

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the pm runtime work function related to device removal, potentially leading to a use-after-free issue. The issue occurs when the parent device is freed while t...

CVE-2025-40256 xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added

In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added In commit b441cf3f8c4b "xfrm: delete x-tunnel as we delete x", I missed the case where state creation fails between full initialization...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989050)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989050 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix race in schedule and flush work While booting secondary CPUs, cpusreadlock/unlock ...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989654 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix race in schedule and flush work While booting secondary CPUs, cpusreadlock/unlock ...

UBUNTU-CVE-2022-50426

In the Linux kernel, the following vulnerability has been resolved: remoteproc: imxdsprproc: Add mutex protection for workqueue The workqueue may execute late even after remoteproc is stopped or stopping, some resources rpmsg device and endpoint have been released in rprocstopsubdevices, then...