Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ptp: The logic that checks ptp-nvclocks was removed from ptpvclockinuse. It’s clear that we should check both ptp-isvirtualclock and ptp-nvclocks to determine whether the ptp virtual clock is in use. However, when we access...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix double free in 'hcidiscoveryfilterclear' Function 'hcidiscoveryfilterclear' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hcicmdsyncwork'...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: lib/alloctag: Do not acquire an inexistent lock in alloctagtopusers. alloctagtopusers attempts to lock alloctagcttype-modlock, even when alloctagcttype is not allocated. This occurs because: 1. Allocating tags is disabled since m...

OESA-2025-2555 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential out of bound read in ext4fcreplayscan For scan loop must ensure that at least EXT4FCTAGBASELEN space. If remain space less than...

ksmbd: fix recursive locking in RPC handle list access

...

SUSE CVE-2025-40090

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 "ksmbd: Fix race condition in RPC handle list access", ksmbdsessionrpcmethod attempts to lock sess-rpclock. This causes hung connections / tasks wh...

CVE-2025-40090

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 "ksmbd: Fix race condition in RPC handle list access", ksmbdsessionrpcmethod attempts to lock sess-rpclock. This causes hung connections / tasks wh...

UBUNTU-CVE-2025-40090

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 "ksmbd: Fix race condition in RPC handle list access", ksmbdsessionrpcmethod attempts to lock sess-rpclock. This causes hung connections / tasks wh...

CVE-2025-40090 ksmbd: fix recursive locking in RPC handle list access

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 "ksmbd: Fix race condition in RPC handle list access", ksmbdsessionrpcmethod attempts to lock sess-rpclock. This causes hung connections / tasks wh...

CVE-2025-40090

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 "ksmbd: Fix race condition in RPC handle list access", ksmbdsessionrpcmethod attempts to lock sess-rpclock. This causes hung connections / tasks wh...

CVE-2025-10151

Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31...

Siemens SIMATIC Devices Improper Locking (CVE-2024-38780)

In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from syncprintobj. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; ...

Siemens SIMATIC and SCALANCE Devices Improper Locking (CVE-2025-21694)

fs/proc: softlockup in readvmcore This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503774; scriptversion"1.2";...

Siemens SIMATIC Devices Improper Locking (CVE-2024-38598)

In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Resource Locking (CVE-2024-46750)

In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pcibuslock. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

ZITADEL 安全漏洞

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. A security vulnerability exists in ZITADEL versions prior to 4.6.0, prior to 3.4.3, and prior to 2.71.18, which...

DEBIAN-CVE-2025-40039

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix race condition in RPC handle list access The 'sess-rpchandlelist' XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by 'sess-rpclock' an rwsemaphore. However, the lockin...

CVE-2025-40039

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix race condition in RPC handle list access The 'sess-rpchandlelist' XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by 'sess-rpclock' an rwsemaphore. However, the lockin...

CVE-2025-40039

CVE-2025-40039 relates to the Linux kernel ksmbd subsystem. It describes a race condition in the RPC handle list (sess->rpc_handle_list) managed per ksmbd session. The underlying issue: in ksmbd_session_rpc_open(), xa_store() and xa_erase() modify the XArray but were guarded only by a read loc...

CVE-2025-10151 Malicious TCP/IP thread locking leads into diverse malfunctions

Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31...