EUVD-2026-36727

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

FreeBSD Security Advisory - FreeBSD-SA-26:29.ip6_multicast

FreeBSD Security Advisory - The kernel handler for IPV6MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the multicast filter structure, leaving the handler with a stale pointer to fre...

CVE-2026-43319

In the Linux kernel, the following vulnerability has been resolved: spi: spidev: fix lock inversion between spilock and buflock The spidev driver previously used two mutexes, spilock and buflock, but acquired them in different orders depending on the code path: write/read: buflock - spilock ioctl...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: BTRFS: Do not attempt to replace the rwsem on a task that already holds it. By running fstests btrfs/011 with MKFSOPTIONS="-O rst" to force the use of the RAID stripe-tree, we obtain the following error from lockdep: BTRFS inf...

CVE-2026-43019

The CVE-2026-43019 issue affects the Linux kernel Bluetooth HCI path, where hci_conn lookups and field access in set_cig_params_sync were not properly protected by the hdev lock, allowing a use-after-free when an hci_conn could be freed concurrently. The documented fix is to take the hdev lock to...

CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in setcigparamssync hciconn lookup and field access must be covered by hdev lock in setcigparamssync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hciconn from...

EUVD-2026-26617

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in hcileremoteconnparamreqevt hciconn lookup and field access must be covered by hdev lock in hcileremoteconnparamreqevt, otherwise it's possible it is freed concurrently. Extend the...

CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Protect all of sevmemencregisterregion with kvm-lock Take and hold kvm-lock for before checking sevguest in sevmemencregisterregion, as sevguest isn't stable unless kvm-lock is held or KVM can guarantee KVMSEVINIT2 has...

EUVD-2023-60303

In the Linux kernel, the following vulnerability has been resolved: gtp: Fix use-after-free in gtpencapdestroy. syzkaller reported use-after-free in gtpencapdestroy. 0 It shows the same process freed sk and touched it illegally. Commit e198987e7dd7 "gtp: fix suspicious RCU usage" added locksock a...

CVE-2023-54041

CVE-2023-54041 concerns a Linux kernel issue in io_uring where memory leaks occur when removing provided buffers. The root cause is that io_buffer structs allocated in page-sized groups are not freed, since they cannot be freed individually; they must be added to a free list (e.g., io_buffers_cac...

CVE-2023-53867

CVE-2023-53867 affects the Linux kernel ceph subsystem. A potential use-after-free occurs when trimming caps in ceph_iterate_session_caps(): after releasing session->s_cap_lock, a cap could be removed by another thread and then the stale cap memory is used in callbacks. The fix adds a check fo...

UBUNTU-CVE-2025-40280

In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcmonreinitself. syzbot reported use-after-free of tipcnetnet-monitors in tipcmonreinitself. 0 The array is protected by RTNL, but tipcmonreinitself iterates over it without RTNL. tipcmonreinitself i...

CVE-2023-53627 scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Grab sasdev lock when traversing the members of sasdev.list When freeing slots in function slotcompletev3hw, it is possible that sasdev.list is being traversed elsewhere, and it may trigger a NULL pointer exception...

CVE-2023-53623 mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()

In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix swapinfostruct race between swapoff and getswappages The si-lock must be held when deleting the si from the available list. Otherwise, another thread can re-add the si to the available list, which can lead to memory...

EUVD-2025-31883

Malicious code in bioql PyPI...

UBUNTU-CVE-2025-39905

In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl-phydev writes with resolver Currently phylinkresolve protects itself against concurrent phylinkbringupphy or phylinkdisconnectphy calls which modify pl-phydev by relying on...

CVE-2025-39908 net: dev_ioctl: take ops lock in hwtstamp lower paths

In the Linux kernel, the following vulnerability has been resolved: net: devioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING: CPU: 13...

CVE-2025-38459 atm: clip: Fix infinite recursive call of clip_push().

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clippush. syzbot reported the splat below. 0 This happens if we call ioctlATMARPMKIP more than once. During the first call, clipmkip sets clippush to vcc-push, and the second call copies ...

UBUNTU-CVE-2022-49433

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent use of lock before it is initialized If there is a failure during probe of hfi1 before the sdmamaplock is initialized, the call to hfi1freedevdata will attempt to use a lock that has not been initialized. If th...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: pm: Fixed a UAF in timerdeletesync There are two paths to access mptcppmdeladdtimer, resulting in a race condition: CPU1 CPU2 ==== ==== netrxaction napipoll netlinksendmsg napipoll netlinkunicast processbacklog...