CVE-2026-47331

Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free UAF and, theoretically, arbitrary code execution...

SUSE-SU-2026:1786-1 Security update for the Linux Kernel (Live Patch 77 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.293 fixes various security issues The following security issues were fixed: - CVE-2026-23004: dst: fix races in rt6uncachedlistdel and rtdeluncachedlist bsc1258655. - CVE-2026-23204: net/sched: clsu32: use skbheaderpointercareful...

SUSE-SU-2026:21477-1 Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues The following security issues were fixed: - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting ...

SUSE-SU-2026:21515-1 Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues The following security issues were fixed: - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting ...

CVE-2026-23294

The CVE describes a race in the Linux kernel’s PREEMPT_RT path for the per-CPU xdp_dev_bulk_queue (bq). The vulnerability arises because bq_enqueue() and __dev_flush() were believed to run atomically on the same CPU, but PREEMPT_RT can preempt, leading to concurrent access to bq->count and bq-...

CVE-2026-23294 bpf: Fix race in devmap on PREEMPT_RT

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in devmap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpdevbulkqueue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bqenqueue and devflush run atomically...

CVE-2026-23153

In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix race condition against transaction list The list of transaction is enumerated without acquiring card lock when processing AR response event. This causes a race condition bug when processing AT request completi...

CVE-2026-23126 netdevsim: fix a race issue related to the operation on bpf_bound_progs list

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpfboundprogs list The netdevsim driver lacks a protection mechanism for operations on the bpfboundprogs list. When the nsimbpfcreateprog performs listaddtail, it is possibl...

CVE-2026-23101

The CVE-2026-23101 issue affects the Linux kernel LED subsystem. The root cause is a race where an LED was added to leds_list before led_init_core() and before led_classdev.set_brightness_work is initialized. This could allow a default-trigger LED to call led_trigger_set() and queue an uninitiali...

CVE-2025-68260 rust_binder: fix race condition on death_list

In the Linux kernel, the following vulnerability has been resolved: rustbinder: fix race condition on deathlist Rust Binder contains the following unsafe operation: // SAFETY: A NodeDeath is never inserted into the death list // of any node other than its owner, so it is either in this // death...

Linux Distros Unpatched Vulnerability : CVE-2025-40341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - futex: Don't leak robustlist pointer on exec race sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check if the calling task is allowed to access...

PT-2022-36465 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.267 Description: The issue is related to a misbehavior in the dm ioctl when list versions races with module loading. The actual impact and attack plausibility have not yet been proven. Recommendations: For...

PT-2022-36130 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.80 Description: The issue is related to a misbehavior in the dm ioctl when list versions races with module loading. The actual impact and attack plausibility have not yet been proven. Recommendations: For...

CVE-2017-2930

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution...