60 matches found
CVE-2026-53049
In the Linux kernel, the following vulnerability has been resolved: gfs2: add some missing log locking Function gfs2logd calls the log flushing functions gfs2ail1start, gfs2ail1wait, and gfs2ail1empty without holding sdp-sdlogflushlock, but these functions require exclusion against concurrent...
CVE-2026-53072 Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix locking in hciconnrequestevt with HCIPROTODEFER When protocol sets HCIPROTODEFER, hciconnrequestevt calls hciconnectcfmconn without hdev-lock. Generally hciconnectcfm assumes it is held, and if conn is deleted...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a race condition in the RPC handle list access mechanism. The sess-rpchandlelist XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by sess-rpclock a rwsemaphore...
SUSE CVE-2026-46252
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...
CVE-2026-46252
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...
CVE-2026-46252
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...
CVE-2026-46252
CVE-2026-46252 affects the Linux kernel regulator core. The vulnerability stems from improper locking in regulator_resolve_supply() error handling, where late-failing supply enable paths could trigger a lockdep warning due to holding the regulator_list_mutex while calling _regulator_put(). The fi...
CVE-2026-46252 regulator: core: fix locking in regulator_resolve_supply() error path
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...
PT-2026-46015
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locking issue exists in the regulator core within the regulator resolve supply function. When the late enabling of a supply regulator fails, the system triggers a lockdep warning becau...
Linux Distros Unpatched Vulnerability : CVE-2026-46252
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: cxl/ras: Fixed the device confusion related to the CPER handler. Upon inspection, the cxlcperhandleproterr function makes several fragile assumptions that can lead to crashes: 1. It assumes that the endpoints identified in the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: dma: xilinxdpdma: Fixing locking issues There are several places where either chan-lock or chan-vchan.lock was not held. Appropriate locking measures were added. This fixes lockdep warnings such as: 31.077578 ------------ Cut...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Sysv: Do not call sbbread with pointerlock held. syzbot reports sleep in atomic context in the SysV filesystem 1. For sbbread, the function is called with rwspinlock held. A bug involving a “deadlock due to...
CVE-2026-43423
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix atomic context locking issue The ncmsetalt function was holding a mutex to protect against races with configfs, which invokes the might-sleep function inside an atomic context. Remove the struct netdevice...
SUSE CVE-2026-43111
In the Linux kernel, the following vulnerability has been resolved: HID: roccat: fix use-after-free in roccatreportevent roccatreportevent iterates over the device-readers list without holding the readerslock. This allows a concurrent roccatrelease to remove and free a reader while it's still bei...
CVE-2026-43215 cifs: Fix locking usage for tcon fields
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifstcpseslock to protect a lot of objects that are not just the server, ses or tcon lists. We later introduced srvlock, seslock and tclock to protect fields within the...
EUVD-2026-26569
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...
PT-2026-34392
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the SPI subsystem. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device lock. This...
Linux Distros Unpatched Vulnerability : CVE-2026-31527
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - driver core: platform: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the...
CVE-2026-23292
CVE-2026-23292 : Linux kernel scsi: target: Fix recursive locking in __configfs_open_file(). The root cause was target_core_item_dbroot_store() attempting to open the file path (which is the same configfs file already held) using filp_open(), leading to potential nested frag_sem locking. The fix ...