Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed the inversion dependency warning when enabling IPsec tunnel. Attempts to enable IPsec packet offloading in tunnel mode in the debug kernel generate the following kernel panic, due to two issues: 1. In the SA a...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: added flushworkqueue to prevent UAF. Our detector identified a bug caused by concurrent use-after-free when detaching a NCI device. The main reason for this bug is the unexpected scheduling between the delayed mechanism...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: nbd: Fixed NULL pointer in flushworkqueue Open /dev/nbdX first; the configrefs will be 1, and the pointers in nbddevice will still be null. Disconnect /dev/nbdX, then reference a null recvworkq. The protection provided by...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007609)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007609 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue Open /dev/nbdX first, the configrefs will be 1 and the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992994)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992994 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix WARNING:atkernel/workqueue.c:checkflushdependency In the commit aee2424246f9...

EUVD-2023-60397

In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: Fix oops when removing custom query handlers When removing custom query handlers, the handler might still be used inside the EC query workqueue, causing a kernel oops if the module holding the callback function was...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990174)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990174 advisory. In the Linux kernel, the following vulnerability has been resolved: locking/wwmutex/test: Fix potential workqueue corruption In some cases running with the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989512)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989512 advisory. In the Linux kernel, the following vulnerability has been resolved: locking/wwmutex/test: Fix potential workqueue corruption In some cases running with the...

usb: gadget: core: flush gadget workqueue after device removal

...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use After Free (CVE-2024-47696)

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix WARNING:atkernel/workqueue.c:checkflushdependency In the commit aee2424246f9 RDMA/iwcm: Fix a use-after-free related to destroying CM IDs, the function flushworkqueue is invoked to flush the work queue iwcmwq. But ...

Linux Distros Unpatched Vulnerability : CVE-2025-39945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cnic: Fix use-after-free bugs in cnicdeletetask The original code uses canceldelayedwork in cniccmstopbnx2xhw, which does not guarantee that the delayed work it...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987069)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987069 advisory. In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flushworkqueue to prevent uaf Our detector found a concurrent use-after-free bug wh...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987193 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/ibsrp: Fix a deadlock Remove the flushworkqueuesystemlongwq call since flushing systemlongwq...

EUVD-2025-32383

In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnicdeletetask The original code uses canceldelayedwork in cniccmstopbnx2xhw, which does not guarantee that the delayed work item 'deletetask' has fully completed if it was already running...

CVE-2025-39945

In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnicdeletetask The original code uses canceldelayedwork in cniccmstopbnx2xhw, which does not guarantee that the delayed work item 'deletetask' has fully completed if it was already running...

AZL-68163 CVE-2025-39945 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnicdeletetask The original code uses canceldelayedwork in cniccmstopbnx2xhw, which does not guarantee that the delayed work item 'deletetask' has fully completed if it was already running...

AZL-75170 CVE-2025-39945 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnicdeletetask The original code uses canceldelayedwork in cniccmstopbnx2xhw, which does not guarantee that the delayed work item 'deletetask' has fully completed if it was already running...

CVE-2025-39945

The CVE-2025-39945 entry concerns a race in the Linux kernel cnic subsystem where a use-after-free can occur if a delayed work item (delete_task) remains active during cnic_dev deallocation. The root cause is that cancel_delayed_work() does not guarantee the delayed work item has finished if it i...

CVE-2025-39945 cnic: Fix use-after-free bugs in cnic_delete_task

In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnicdeletetask The original code uses canceldelayedwork in cniccmstopbnx2xhw, which does not guarantee that the delayed work item 'deletetask' has fully completed if it was already running...

DEBIAN-CVE-2025-39721

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - flush misc workqueue during device shutdown Repeated loading and unloading of a device specific QAT driver, for example qat4xxx, in a tight loop can lead to a crash due to a use-after-free scenario. This occurs when...