Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the TMU device driver managing power state and clocking within the context of original spinlocks,...

PT-2026-37449

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the rpmsg core where the driver override show function reads the driver override string without holding the device lock. Simultaneously, the store function...

parse-server: MFA SMS one-time password accepted twice under concurrent login

Impact A race condition in the MFA SMS one-time password OTP login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive valid session tokens, breaking the single-use property of the OTP. The vulnerability requires the attacker to already possess the...

PT-2026-37307

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.76 Parse Server versions prior to 9.9.0-alpha.2 Description A race condition exists in the MFA SMS one-time password OTP login path. This allows two concurrent requests to the '/login' endpoint using the same...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: The ctx-uringlock lock is acquired around the iouringshowfdinfo function. Not everything requires locking, which is why the haslock variable exists. However, enough cases require locking, making it somewhat unwiel...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: Fixed unsafe locking in the scxdumpstate function. For kernels built with CONFIGPREEMPTRT=y, the dumplock will be converted to a sleepable spinlock instead of a disable-irq one. This can lead to the following scenarios:...

Astra Linux - уязвимость в linux

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through version 5.9.13. Files drivers/tty/ttyio.c and drivers/tty/ttyjobctrl.c may allow a read-after-free attack on TIOCGSID, also known as CID-c8bcd9c5be24...

CLSA-2026-1777544744 squid: Fix of CVE-2023-49288

CVE-2023-49288: fix use-after-free in storeclient lifetime by locking StoreEntry for the duration of the storeclient object...

CVE-2026-43018

A flaw was found in the Linux kernel's Bluetooth component. This Use-After-Free UAF vulnerability arises from insufficient locking during hciconn lookup and access within the hcileremoteconnparamreqevt function. An attacker could potentially exploit this to cause a system crash or execute arbitra...

CVE-2026-43023

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in scosockconnect scosockconnect checks skstate and sktype without holding the socket lock. Two concurrent connect syscalls on the same socket can both pass the check and enter scoconnect,...

EUVD-2026-26569

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...

CLSA-2026-1777539902 squid: Fix of CVE-2023-49288

CVE-2023-49288: fix use-after-free in storeclient lifetime by locking StoreEntry for the duration of the storeclient object...

SUSE CVE-2026-31688

In the Linux kernel, the following vulnerability has been resolved: driver core: enforce devicelock for drivermatchdevice Currently, drivermatchdevice is called from three sites. One site deviceattachdriver holds devicelockdev, but the other two bindstore and driverattach do not. This inconsisten...

U-SPEED N300 安全漏洞

The U-SPEED N300 is a wireless router device produced by the U-SPEED company. The U-SPEED N300 V1.0.0 version has a security vulnerability. This vulnerability stems from the lack of rate limiting or account locking protection in the /api/login endpoint. As a result, local network attackers may...

Oracle VirtualBox SoundBlaster 16 Race Condition Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

ERCOM Cryptobox 安全漏洞

ERCOM Cryptobox is a file encryption and security storage tool developed by the French company ERCOM. ERCOM Cryptobox has a security vulnerability that stems from issues with the account locking mechanism. This vulnerability could allow legitimate users to prevent other users from logging in by...

PT-2026-35494

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A race condition exists in the driver core due to inconsistent locking in the driver match device function. While one call site holds the device lockdev, others such as bind store and...

Input: uinput - fix circular locking dependency with ff-core

...

SUSE CVE-2026-31557

In the Linux kernel, the following vulnerability has been resolved: nvmet: move async event work off nvmet-wq For target nvmetctrlfree flushes ctrl-asynceventwork. If nvmetctrlfree runs on nvmet-wq, the flush re-enters workqueue completion for the same worker:- A. Async event work queued on...

SUSE CVE-2026-31667

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep circular locking dependency warning can be triggered reproducibly when using a force-feedback gamepad with uinput for example, playing ELDEN RING under Wine...