17 matches found
CVE-2026-52977
A flaw was found in the Linux kernel's futex Fast Userspace Mutexes subsystem. A race condition between two concurrent futex operations can lead to a system live lock. This occurs when a task attempting to exit early due to a signal or timeout becomes deadlocked while another task continuously...
Linux Distros Unpatched Vulnerability : CVE-2026-52977
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - futex: Prevent lockup in requeue-PI during signal/ timeout wakeup During wait-requeue-pi task A and requeue-PI task B the following race can happen: Task A Tas...
EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2026-2171)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid...
Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)
This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.50 fixes various security issues The following security issues were fixed: CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. CVE-2025-39977: futex: Prevent use-after-free during...
SUSE-SU-2026:1708-1 Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.6 fixes various security issues The following security issues were fixed: - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. - CVE-2025-39977: futex: Prevent use-after-free during...
SUSE-SU-2026:21471-1 Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-33.1 fixes various security issues The following security issues were fixed: - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI...
Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.8 fixes various security issues The following security issues were fixed: CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. CVE-2025-39977: futex: Prevent use-after-free during requeue-...
CVE-2026-23415 futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy()
In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futexkeytonodeopt and vmareplacepolicy During futexkeytonodeopt execution, vma-vmpolicy is read under speculative mmap lock and RCU. Concurrently, mbind may call vmareplacepolicy which frees the old mempoli...
SUSE-SU-2026:20498-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-54013: interconnect: Fix locking for runpm vs reclaim bsc1256280. - CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. ...
Siemens S7-1500 Use After Free (CVE-2025-39977)
"In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futexwaitrequeuepi futexdowait schedule futexrequeue futexproxytrylockatomic futexrequeuepiprepare requeuepiwakefutex...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Futex: Do not leak the robustlist pointer during the exec race condition. The functions sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check whether the calling task is allowed to access another task’s...
EUVD-2025-201861
In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robustlist pointer on exec race sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check if the calling task is allowed to access another task's robustlist pointer. This check is racy against a...
CVE-2025-40341
CVE-2025-40341 concerns a race in futex handling (robust_list) in the Linux kernel where sys_get_robust_list() and compat_get_robust_list() could leak a user process’s robust_list pointer across an exec() transition. The issue arises because ptrace_may_access() checks permissions before an exec()...
Linux Distros Unpatched Vulnerability : CVE-2025-39977
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futexwaitrequeuepi futexdowait schedule futexrequeue...
CVE-2025-39977 futex: Prevent use-after-free during requeue-PI
In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futexwaitrequeuepi futexdowait schedule futexrequeue futexproxytrylockatomic futexrequeuepiprepare requeuepiwakefutex...
CVE-2025-39977
Summary (CVE-2025-39977): The Linux kernel fixes a race in futex_wait_requeue_pi that could enable a use-after-free of futex_q during requeue-PI wakeups. The issue arises when T1 is woken and the code path can leave futex_wait_requeue_pi() without using futex_q::lock_ptr for synchronization. The ...
USN-4910-1 linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities
Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local attacker could use this to ease exploitation of another kernel vulnerability. CVE-2021-20239 It was discovered that the BPF verifier in the Linux...