Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: nvme-fc: The use of lock access to portstate and rportstate was corrected. nvmefcunregisterremote removes the remote port from a lport object at any time when there is no active association. This issue conflicts with the...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: fixed a race condition in hcicmdsyncdequeueonce. The function hcicmdsyncdequeueonce performs a lookup and then cancels the entry under two separate lock sections. Meanwhile, hcicmdsyncwork can also delete t...

EUVD-2026-28611

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usbgadgetudcreset routine in drivers/usb/gadgets/udc/core.c, resulting from the fact that the routine w...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a use-after-free in l2capunregisteruser. After the commit ab4eedb790ca "Bluetooth: L2CAP: Fixed corrupted list in hcichandel", l2capconndel uses conn-lock to protect access to conn-users. However,...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in filelock-3.12.2-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in filelock-3.12.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allo...

Linux Distros Unpatched Vulnerability : CVE-2026-23434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device...

CVE-2026-23436

The CVE-2026-23436 issue affects the Linux kernel's net: shaper component. A race could occur when a netdev is unregistered between taking a reference during Netlink prep and locking/RCU in the callback, potentially leaking the hierarchy after a flush. The fix applies the instance lock in pre- st...

CVE-2026-23369 i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock"

In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpilock with I2C bus lock" This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. Under rare circumstances, multiple udev threads can collect i801 device info on boot and walk...

CVE-2026-23103 ipvlan: Make the addrs_lock be per port

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrslock be per port Make the addrslock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so for the case of IPv6. ...

ALSA-2026:0453 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: HID: multitouch: fix slab out-of-bounds access in mtreportfixup CVE-2025-39806 kernel: audit: fix out-of-bounds read in auditcomparednamepath CVE-2025-39840 kernel: mm: slub: avoid wake u...

CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

Siemens SCALANCE and RUGGEDCOM Devices Use After Free (CVE-2024-41012)

filelock: Remove locks reliably when fcntl/close race is detected When fcntlsetlk races with close, it removes the created lock with dolockfilewait. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990520)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990520 advisory. In the Linux kernel, the following vulnerability has been resolved: zsmalloc: fix races between asynchronous zspage free and page migration The asynchronous zspage...

UBUNTU-CVE-2025-40039

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix race condition in RPC handle list access The 'sess-rpchandlelist' XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by 'sess-rpclock' an rwsemaphore. However, the lockin...

TencentOS Server 4: xorg-x11-server (TSSA-2025:0760)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0760 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

UBUNTU-CVE-2025-39754

In the Linux kernel, the following vulnerability has been resolved: mm/smaps: fix race between smapshugetlbrange and migration smapshugetlbrange handles the pte without holdling ptl, and may be concurrenct with migration, leaing to BUGON in pfnswapentrytopage. The race is as follows...

CVE-2025-58145 Arm issues with page refcounting

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL...

Linux Distros Unpatched Vulnerability : CVE-2022-4129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol L2TP. A missing lock when clearing skuserdata can lead to a race condition and NULL pointer...

Linux Distros Unpatched Vulnerability : CVE-2025-38132

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - coresight: holding cscfgcsdevlock while removing cscfg from csdev There'll be possible race scenario for coresight config: CPU0 CPU1 perf enable load module...

SUSE CVE-2025-38107

In the Linux kernel, the following vulnerability has been resolved: netsched: ets: fix a race in etsqdiscchange Gerrard Tai reported a race condition in ETS, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 1: lock root 2: qdisctreeflushbacklog 3: unlock roo...