EUVD-2026-32870

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Protecting the device queue against concurrent access. In the dasdprofilestart function, the number of requests on the device queue is counted. Access to the device queue is not protected against concurrent access. Wit...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/gma500: Fixed a bug where a sleeping function called from an invalid context caused errors. The function gmacrtcpageflip held the eventlock spinlock while calling crtcfuncs-modesetbase, which requires the wwmutex. The only...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021607)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021607 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spinunlockirqrestore called with IRQs enabled Fix missuse of...

CVE-2026-43143

In the Linux kernel, the following vulnerability has been resolved: mfd: core: Add locking around 'mfdofnodelist' Manipulating a list in the kernel isn't safe without some sort of mutual exclusion. Add a mutex any time we access / modify 'mfdofnodelist' to prevent possible crashes...

CVE-2026-31592

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Protect all of sevmemencregisterregion with kvm-lock Take and hold kvm-lock for before checking sevguest in sevmemencregisterregion, as sevguest isn't stable unless kvm-lock is held or KVM can guarantee KVMSEVINIT2 has...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013348)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013348 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcommskstatechange rfcommskstatechange attempts to u...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013004)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013004 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcmonreinitself. syzbot reported use-after-free of...

EUVD-2023-60523

In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before inode lookup during the ino lookup ioctl During the ino lookup ioctl we can end up calling btrfsiget to get an inode reference while we are holding on a root's btree. If btrfsiget needs to lookup the...

CVE-2025-68320 lan966x: Fix sleeping in atomic context

In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix sleeping in atomic context The following warning was seen when we try to connect using ssh to the device. BUG: sleeping function called from invalid context at kernel/locking/mutex.c:575 inatomic: 1, irqsdisabled: 0,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990472)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990472 advisory. In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sbbread with pointerslock held syzbot is reporting sleep in atomic context in Sy...

CVE-2025-39983 Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix UAF in hciconntxdequeue This fixes the following UAF caused by not properly locking hdev when processing HCIEVNUMCOMPPKTS: BUG: KASAN: slab-use-after-free in hciconntxdequeue+0x1be/0x220...

EUVD-2025-30852

Malicious code in bioql PyPI...

CVE-2023-53519 media: v4l2-mem2mem: add lock to protect parameter num_rdy

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock to protect parameter numrdy Getting below error when using KCSAN to check the driver. Adding lock to protect parameter numrdy when getting the value with function:...

CVE-2023-53455 drm/vc4: drop all currently held locks if deadlock happens

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: drop all currently held locks if deadlock happens If vc4hdmiresetlink returns -EDEADLK, it means that a deadlock happened in the locking context. This situation should be addressed by dropping all currently held locks an...

CVE-2023-53455 drm/vc4: drop all currently held locks if deadlock happens

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: drop all currently held locks if deadlock happens If vc4hdmiresetlink returns -EDEADLK, it means that a deadlock happened in the locking context. This situation should be addressed by dropping all currently held locks an...

PT-2025-40162

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc6-01399-g941aae326315 Description The Linux kernel contains a flaw within the DRM/VC4 subsystem related to deadlock handling. Specifically, if vc4 hdmi reset link returns -EDEADLK, indicating a deadlock i...

DEBIAN-CVE-2025-39734

In the Linux kernel, the following vulnerability has been resolved: Revert "fs/ntfs3: Replace inodetrylock with inodelock" This reverts commit 69505fe98f198ee813898cbcaf6770949636430b. Initially, conditional lock acquisition was removed to fix an xfstest bug that was observed during internal...

DEBIAN-CVE-2025-38335

In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys - fix a sleep while atomic with PREEMPTRT When enabling PREEMPTRT, the gpiokeysirqtimer callback runs in hard irq context, but the inputevent takes a spinlock, which isn't allowed there as it is converted to a...

CVE-2025-6217

PEAK-System Driver PCANFDADDFILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtain the ability to execute low-privileged code...