CVE-2026-23342

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in cpumap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpbulkqueue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bqenqueue and cpumapflush run atomically...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2025-39783)

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix configfs group list head handling Doing a listdel on the epfgroup field of struct pciepfdriver in pciepfremovecfs is not correct as this field is a list head, not a list entry. This listdel call triggers a KASA...

AZL-77304 CVE-2026-23004 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6uncachedlistdel and rtdeluncachedlist syzbot was able to crash the kernel in rt6uncachedlistflushdev in an interesting way 1 Crash happens in listdelinit/INITLISTHEAD while writing list-prev, while the prior...

CVE-2026-23004

In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6uncachedlistdel and rtdeluncachedlist syzbot was able to crash the kernel in rt6uncachedlistflushdev in an interesting way 1 Crash happens in listdelinit/INITLISTHEAD while writing list-prev, while the prior...

EUVD-2022-55841

In the Linux kernel, the following vulnerability has been resolved: rapidio: rio: fix possible name leak in rioregistermport If deviceregister returns error, the name allocated by devsetname need be freed. It should use putdevice to give up the reference in the error path, so that the name can be...

SUSE CVE-2025-40213

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

btrfs: harden block_group::bg_list against list_del() races

...

SUSE CVE-2025-37856

In the Linux kernel, the following vulnerability has been resolved: btrfs: harden blockgroup::bglist against listdel races As far as I can tell, these calls of listdelinit on bglist cannot run concurrently with btrfsmarkbgunused or btrfsmarkbgtoreclaim, as they are in transaction error paths and...

CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races

In the Linux kernel, the following vulnerability has been resolved: btrfs: harden blockgroup::bglist against listdel races As far as I can tell, these calls of listdelinit on bglist cannot run concurrently with btrfsmarkbgunused or btrfsmarkbgtoreclaim, as they are in transaction error paths and...

SUSE CVE-2021-47536

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix wrong listdel in smclgrcleanupearly smclgrcleanupearly meant to delete the link group from the link group list, but it deleted the list head by mistake. This may cause memory corruption since we didn't remove the rea...

DEBIAN-CVE-2024-50273

In the Linux kernel, the following vulnerability has been resolved: btrfs: reinitialize delayed ref list after deleting it from the list At insertdelayedref if we need to update the action of an existing ref to BTRFSDROPDELAYEDREF, we delete the ref from its ref head's refaddlist using listdel,...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from an incorrect listdel in the net/smc module smclgrcleanupearly...

DEBIAN-CVE-2021-47254

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in gfs2glockshrinkscan The GLFLRU flag is checked under lrulock in gfs2glockremovefromlru to remove the glock from the lru list in gfs2glockput. On the shrink scan path, the same flag is cleared under...

UBUNTU-CVE-2024-26749

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3gadgetepdisable ... cdns3gadgetepfreerequest&privep-endpoint, &privreq-request; listdelinit&privreq-list; ... 'privreq' actually free at cdns3gadgetepfreerequest. But listdelinit us...