52 matches found
SUSE CVE-2026-53193
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...
CVE-2026-53260 tcp: Add preempt_{disable,enable}_nested() in reqsk_queue_hash_req().
In the Linux kernel, the following vulnerability has been resolved: tcp: Add preemptdisable,enablenested in reqskqueuehashreq. syzbot reported a weird reqsk-rskrefcnt underflow in inetcskreqskqueuedrop. The captured reqskput in inetcskreqskqueuedrop is called only when it successfully removes req...
CVE-2026-53197 xfrm: iptfs: fix ABBA deadlock in iptfs_destroy_state()
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix ABBA deadlock in iptfsdestroystate iptfsdestroystate calls hrtimercancel while holding a spinlock that the timer callback also acquires, leading to an ABBA deadlock on SMP systems. For the output timer iptfstimer...
CVE-2026-53193 ALSA: timer: Forcibly close timer instances at closing
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...
EUVD-2026-39283
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at sndtimeruserparams At releasing a timer object, e.g. when a userspace timer CONFIGSNDUTIMER gets closed and sndtimerfree is called, it tries to detach the timer instances and release the resources. However...
PT-2026-52289
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ALSA timer component. When a snd timer object is freed using the snd timer free function while snd timer instance objects are still assigned, the...
CVE-2025-71315 drm/vkms: Convert to DRM's vblank timer
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/sched: fqpie: prevent dismantle issue For some reason, the fqpieDestroy function did not copy the working code from pieDestroy and other related functions, resulting in a persistent bug. Before calling...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fixed a potential refcount underflow for idev. In addrconfmodrstimer, the reference to idev depends on whether rstimer is not pending. Therefore, the timeout of rstimer was modified. There is a time gap in 1 during...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010975)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010975 advisory. In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posixtimeradd tries to allocate a posix...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013302)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013302 advisory. The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, a...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006654)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006654 advisory. In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpccall struct has a timer used to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001072)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001072 advisory. sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002594)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002594 advisory. sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002735)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002735 advisory. sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service race condition,...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003259)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003259 advisory. The time subsystem in the Linux kernel through 4.9.9, when CONFIGTIMERSTATS is enabled, allows local users to discover real PID values as distinguished from PID valu...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003188)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003188 advisory. The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent-sigevnotify field, whic...
CVE-2022-50697 mrp: introduce active flags to prevent UAF when applicant uninit
In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of deltimersync must prevent restarting of the timer, If we have no this synchronization, there is a small probability that the cancellation will not be...
CVE-2022-50697
CVE-2022-50697 affects the Linux kernel and relates to a race in timer cancellation that could lead to a use-after-free (UAF). The issue stems from a lack of synchronization when del_timer_sync is involved, with a syzbot crash trace showing a KASAN use-after-free in hlist_add_head and enqueue_tim...
SUSE CVE-2025-68240
In the Linux kernel, the following vulnerability has been resolved: nilfs2: avoid having an active sctimer before freeing sci Because kthreadstop did not stop sctask properly and returned -EINTR, the sctimer was not properly closed, ultimately causing the problem 1 reported by syzbot when freeing...