Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the function kvmvcpuinitnested. This function reallocates and releases the kvm-arch.nestedmmus...

drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path

...

CVE-2026-43305

A flaw was found in the drm/amd/display component of the Linux kernel. A mismatched unlock operation for the DMUB hardware HW lock in the HWSS fast path can occur. This happens because the logic for determining when to use the lock differs from the logic for when to unlock it. When the fast path ...

Linux Distros Unpatched Vulnerability : CVE-2026-31756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be...

CVE-2026-31756

A flaw was found in the Linux kernel's dwc2 USB gadget driver. A local user could trigger an incorrect locking sequence within the dwc2hsotgudcstop function. This issue, a spinlock/unlock mismatch, can lead to a system deadlock, causing a Denial of Service DoS for the affected system...

CVE-2026-31756

Technical details about CVE-2026-31756 are not publicly provided in the connected documents. Monitor for updates from vendors and advisories to confirm affected products, impact, and fixes.

CVE-2026-31756

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...

CVE-2026-26074 EVerest: OCPP201 startup event_queue lock mismatch leads to std::map/std::queue data race

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::map corruption. The trigger is CSMS GetLog/UpdateFirmware request network with an EVSE fault event physical. This results in TSAN reports concurrent access data race to eventqueue...

MiracleLinux 8 : nodejs:16 (AXSA:2022-3781:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3781:01 advisory. npm: npm ci succeeds when package-lock.json doesn't match package.json CVE-2021-43616 Tenable has extracted the preceding description block directly from the...

DEBIAN-CVE-2021-43616

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...

UBUNTU-CVE-2021-43616

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...

PT-2021-23891 · Npm +5 · Npm +5

Name of the Vulnerable Software and Affected Versions: npm versions 7.x through 8.1.3 Description: The npm ci command proceeds with an installation even if dependency information in package-lock.json differs from package.json, which is inconsistent with the documentation. This behavior makes it...