29 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: schedext: Fixed unsafe locking in the scxdumpstate function. For kernels built with CONFIGPREEMPTRT=y, the dumplock will be converted to a sleepable spinlock instead of a disable-irq one. This can lead to the following scenarios:...
SUSE CVE-2026-43326
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...
CVE-2026-43326
The CVE-2026-43326 entry documents a Linux kernel sched_ext deadlock vulnerability (SCX_KICK_WAIT) where CPUs busy-waited in kick_cpus_irq_workfn() and could form a cycle, freezing the system. The fix defers the wait to a balance callback by replacing the busy-wait with resched_curr(), forcing th...
PT-2026-38953
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Tegra platform's Power Management Controller PMC during system suspend resume. The generic handle irq function is called from a non-interrupt context, which is...
CVE-2026-43115
In the Linux kernel, the following vulnerability has been resolved: srcu: Use irqwork to start GP in tiny SRCU Tiny SRCU's srcugpstartifneeded directly calls schedulework, which acquires the workqueue pool-lock. This causes a lockdep splat when callsrcu is called with a scheduler lock held, due t...
CVE-2026-43115
In the Linux kernel, the following vulnerability has been resolved: srcu: Use irqwork to start GP in tiny SRCU Tiny SRCU's srcugpstartifneeded directly calls schedulework, which acquires the workqueue pool-lock. This causes a lockdep splat when callsrcu is called with a scheduler lock held, due t...
PT-2026-37425
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the tiny SRCU Sleep-based Read-Copy-Update implementation where the srcu gp start if needed function directly calls schedule work. This sequence acquires the pool-lock...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007039)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007039 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu: Protect -deferqsiwpending from data race On kernels built with CONFIGIRQWORK=y, when...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013074)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013074 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Sync pending IRQ work before freeing ring buffer Fix a race where irqwork can be queued in...
CVE-2026-23311
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...
CVE-2025-68333 sched_ext: Fix possible deadlock in the deferred_irq_workfn()
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix possible deadlock in the deferredirqworkfn For PREEMPTRT=y kernels, the deferredirqworkfn is executed in the per-cpu irqwork/ task context and not disable-irq, if the rq returned by containerof is current CPU's rq,...
EUVD-2025-201626
In the Linux kernel, the following vulnerability has been resolved: bpf: Sync pending IRQ work before freeing ring buffer Fix a race where irqwork can be queued in bpfringbufcommit but the ring buffer is freed before the work executes. In the syzbot reproducer, a BPF program attached to schedswit...
CVE-2025-40319
In the Linux kernel, the following vulnerability has been resolved: bpf: Sync pending IRQ work before freeing ring buffer Fix a race where irqwork can be queued in bpfringbufcommit but the ring buffer is freed before the work executes. In the syzbot reproducer, a BPF program attached to schedswit...
CVE-2025-40319 bpf: Sync pending IRQ work before freeing ring buffer
In the Linux kernel, the following vulnerability has been resolved: bpf: Sync pending IRQ work before freeing ring buffer Fix a race where irqwork can be queued in bpfringbufcommit but the ring buffer is freed before the work executes. In the syzbot reproducer, a BPF program attached to schedswit...
PT-2025-49448
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists where an interrupt request IRQ work item can be queued in the bpf ringbuf commit function, but the ring buffer may be freed before the work item executes. This ca...
EUVD-2023-60021
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix integer overflow in amdgpucspass1 The type of size is unsigned int, if size is 0x40000000, there will be an integer overflow, size will be zero after size = sizeofuint32t, will cause uninitialized memory to be...
CVE-2023-53587
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Sync IRQ works before buffer destruction If something was written to the buffer just before destruction, it may be possible maybe not in a real system, but it did happen in ARCH=um with time-travel to destroy the...
PT-2025-40750
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-rc1 Description The Linux kernel contained a flaw in the ring buffer implementation where an interrupt request IRQ work could run after the buffer it operated on was destroyed. This could lead to a...
rcu: Fix rcu_read_unlock() deadloop due to IRQ work
...
AZL-73947 CVE-2025-39749 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: rcu: Protect -deferqsiwpending from data race On kernels built with CONFIGIRQWORK=y, when rcureadunlock is invoked within an interrupts-disabled region of code 1, it will invoke rcureadunlockspecial, which uses an irq-work handle...