52 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: rcu-tasks: Fixed a race condition in the schedule function and the flush work operation. When booting secondary CPUs, cpusreadlock/unlock does not keep the online cpumask stable. This temporary change in the online mask result...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: dm cache: Fixed the issue where uninitialized delayedwork objects were flushed during a cachectr error. An unexpected WARN message may occur when cache creation fails, caused by destroying the uninitialized delayedwork object ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: vhosttask: Handles SIGKILL by flushing the work and exiting. Instead of lingering until the device is closed, this resolves the issue by handling SIGKILL as follows: 1. Marking the worker as killed, so we no longer attempt to use...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvme-tcp: fixed a possible use-after-free issue in the transport errorrecovery mechanism. While nvmetcpsubmitasynceventwork checks the ctrl and queue states before preparing the AER command and scheduling iowork, this check is...
SUSE CVE-2026-43275
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFSPMLVL0. When the RPM...
CVE-2026-43275 scsi: ufs: core: Flush exception handling work when RPM level is zero
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFSPMLVL0. When the RPM...
CVE-2026-43275
In the Linux kernel, a race condition in the UFS core driver can occur during system suspend when Runtime Power Management (RPM) level is zero. The driver previously bypassed flushing the exception-event handling work in this state, risking illegal host-controller access after entering deep power...
CVE-2026-31557
In the Linux kernel, the following vulnerability has been resolved: nvmet: move async event work off nvmet-wq For target nvmetctrlfree flushes ctrl-asynceventwork. If nvmetctrlfree runs on nvmet-wq, the flush re-enters workqueue completion for the same worker:- A. Async event work queued on...
SUSE CVE-2026-23452
In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...
EUVD-2026-18704
In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...
CVE-2026-23452
In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...
CVE-2026-23452
In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...
UBUNTU-CVE-2026-23452
In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...
CVE-2026-23452
In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...
CVE-2026-23452
CVE-2026-23452 refers to a race condition in the Linux kernel PM: runtime code during device removal. The root cause described is the potential dereference of the parent device pointer (parent->power) after the parent is freed within pm_runtime_work(), which could lead to a use-after-free scen...
CVE-2026-23452 PM: runtime: Fix a race condition related to device removal
In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...
CVE-2026-23452 PM: runtime: Fix a race condition related to device removal
In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pmruntimework may dereference the dev-parent pointer after the parent device has been freed: / Maybe the parent is now able to suspend. / if parent...
PT-2026-30147
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the pm runtime work function related to device removal, potentially leading to a use-after-free issue. The issue occurs when the parent device is freed while t...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal The devicedel function can cause new work to be scheduled in the gadget-workqueue. This issue is observed, for example, with the dwc3 driver, as follows: c devicedel...
CVE-2025-40256 xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added
In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added In commit b441cf3f8c4b "xfrm: delete x-tunnel as we delete x", I missed the case where state creation fails between full initialization...