261 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-52990
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fsnotify: fix inode reference leak in fsnotifyrecalcmask fsnotifyrecalcmask fails to handle the return value of fsnotifyrecalcmask, which may return an inode...
EUVD-2026-38858
In the Linux kernel, the following vulnerability has been resolved: fsnotify: fix inode reference leak in fsnotifyrecalcmask fsnotifyrecalcmask fails to handle the return value of fsnotifyrecalcmask, which may return an inode pointer that needs to be released via fsnotifydropobject when the...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Media: imon: Make sendpacket more robust syzbot reports that imon has three problems that result in hung tasks due to continuously holding the device lock 1. The first problem is that when usbrxcallbackintf0 receives an -EPROT...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: “hungtask”: fixed warnings caused by unaligned lock pointers. The blocker tracking mechanism assumes that lock pointers are at least 4-byte aligned, so that their lower bits can be used for type encoding. However, as reported by...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: iouring: Now waits for request completions upon exit. When the ring exits, cleanup is performed, and the final cancelations and waits for completions are handled by ioringexitwork. This function is invoked by kworker, which does...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Ensure that pages are unlocked in case of a failure in cowfilerange. There is a hangtask report for zoned btrfs as follows: https://github.com/naota/linux/issues/59 726.328648 INFO: Task rocksdb:high0:11085 blocked for...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: rcuscale: Move rcuscalewriter’s scheduletimeoutuninterruptible function to idle. The rcuscale.holdoff module parameter can be used to delay the start of rcuscalewriter’s kthread. However, the hung-task timeout will trigger when t...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a task that was stuck in ext4xattrdeleteinode. Syzbot reported a problem with stuck tasks: ================================================================== INFO: Task syz-executor232:5073 is blocked for more than...
SUSE CVE-2026-43314
In the Linux kernel, the following vulnerability has been resolved: dm: remove fake timeout to avoid leak request Since commit 15f73f5b3e59 "blk-mq: move failure injection out of blkmqcompleterequest", drivers are responsible for calling blkshouldfaketimeout at appropriate code paths and...
CVE-2026-43314
In the Linux kernel, the following vulnerability has been resolved: dm: remove fake timeout to avoid leak request Since commit 15f73f5b3e59 "blk-mq: move failure injection out of blkmqcompleterequest", drivers are responsible for calling blkshouldfaketimeout at appropriate code paths and...
CVE-2026-43314
CVE-2026-43314 affects the Linux kernel device mapper (dm) driver. The issue arises when an I/O timeout failure is injected into a dm device; because dm does not implement its own timeout handler, the request can leak and hang indefinitely. The root cause is the presence of blk_should_fake_timeou...
PT-2026-38956
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the dm driver, the failure to implement its own timeout handler while relying on slave devices leads to an issue where requests are leaked and never completed if an io-timeout-fail...
kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration
A flaw was found in the Linux kernel. A local attacker could exploit a deadlock vulnerability due to incorrect lock ordering between foliolock and immaprwsem when migrating hugetlb file-backed folios. This could lead to hung tasks and potential system-wide stalls, resulting in a Denial of Service...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011185)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011185 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring: wait interruptibly for request completions on exit WHen the ring exits, cleanup is done...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013061)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013061 advisory. In the Linux kernel, the following vulnerability has been resolved: media: imon: make sendpacket more robust syzbot is reporting that imon has three problems which...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011095)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011095 advisory. In the Linux kernel, the following vulnerability has been resolved: igb: Fix igbdown hung on surprise removal In a setup where a Thunderbolt hub connects to Ethernet...
CVE-2026-29643
XiangShan Open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 contains an improper exceptional-condition handling flaw in its CSR subsystem NewCSR. On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007389)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007389 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BCFREEBUFFER processing, the BINDERTYPEFDA object...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006625)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006625 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disableunused Doug reported 1 the following hung...
WordPress Download Monitor plugin <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id' vulnerability
Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'orderid' vulnerability discovered by Hung Nguyen bashu - VN in WordPress Plugin Download Monitor versions = 5.1.7...