CVE-2026-43981 Algernon: Race Condition in handle() shared LState

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: padata: Fixed the pd UAF issue once and for all. There is a race condition/UAF in padatareorder that persists even after the initial commit. A reference count is checked at the beginning of the process in padatadoparallel, and th...

UBUNTU-CVE-2026-43437

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

CVE-2026-43437

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

PT-2026-37611

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in process metadata update The function process metadata update blindly dereferences the 'thread' pointer acquired via rcu dereference protected within the wait event macro. While the code...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card-isac.release function from an atomic context. Fix this by calling this function after releasing the lock. The following log reveals it:...

CVE-2026-31454

A flaw was found in the Linux kernel's XFS file system. This vulnerability occurs when the system incorrectly handles memory, specifically when a critical lock, known as the Address Index List AIL lock, is released too early during certain operations. This premature release can cause a piece of...

Linux Distros Unpatched Vulnerability : CVE-2026-31509

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfc: nci: fix circular locking dependency in nciclosedevice nciclosedevice flushes rxwq and txwq while holding reqlock. This causes a circular locking dependenc...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011244)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011244 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to...

kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In iscsitdecsessionusagecount, the function calls complete while holding the sess-sessionusagelock. Similar to the connection usage count logic, the waiter...

SUSE CVE-2026-23358

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix error handling in slot reset If the device has not recovered after slot reset is called, it goes to out label for error handling. There it could make decision based on uninitialized hive pointer and could result i...

CVE-2026-23357

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251xopen The mcp251xopen function call freeirq in its error path with the mpclock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpclo...

CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251xopen The mcp251xopen function call freeirq in its error path with the mpclock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpclo...

CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251xopen The mcp251xopen function call freeirq in its error path with the mpclock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpclo...

Linux Distros Unpatched Vulnerability : CVE-2026-23357

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: mcp251x: fix deadlock in error path of mcp251xopen The mcp251xopen function call freeirq in its error path with the mpclock mutex held. But if an interrupt...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the call to the complete function when holding a lock. This could lead to reusing the lock after ...

PT-2026-8201

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A use-after-free issue exists in the iscsit dec session usage count function within the SCSI target iSCSI component of the Linux kernel. The function calls complete while holding the...

CVE-2022-50776

In the Linux kernel, the following vulnerability has been resolved: clk: st: Fix memory leak in stofquadfssetup If stclkregisterquadfspll fails, @lock should be freed before goto @errexit, otherwise will cause meory leak issue, fix it...

kernel: afs: Fix merge preference rule failure condition

In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace1. This is because if argc is less than 0 and the function returns directly, the held inode lock is not released. Fix this by...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987595)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987595 advisory. In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call...