717 matches found
CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt Using locksockfast atomic context around socksettimestamp and socksettimestamping is unsafe, as both helpers can sleep. Replace locksockfast with sleepable locksock/releaseso...
EUVD-2026-32795
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt Using locksockfast atomic context around socksettimestamp and socksettimestamping is unsafe, as both helpers can sleep. Replace locksockfast with sleepable locksock/releaseso...
CVE-2026-46168
The CVE-2026-46168 issue affects the Linux kernel's multipath TCP (mptcp) scheduling around timestamp sockopts. The root cause is using lock_sock_fast() (atomic context) around sock_set_timestamp() and sock_set_timestamping(), which can sleep and cause atomic-context issues. The published fixes r...
CVE-2026-46112
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hnsroceqpremove Sashiko points out that hnsroceqpremove requires the caller to hold locks. The error flow in hnsrocecreateqpcommon doesn't hold those locks for the error unwind so it risks corruptin...
SUSE CVE-2025-71309
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in nireadfoliocmpr Syzbot reported a task hung in nireadpagecmpr now nireadfoliocmpr. This is caused by a lock inversion deadlock involving the inode mutex nilock and page locks. Scenario: 1. Task A enters...
CVE-2026-45924
A flaw was found in ksmbd, a component of the Linux kernel. This vulnerability occurs because ksmbdvfskernpathendremoving is not called on certain error paths, leading to unbalanced inode locks and references. This can result in potential deadlocks and unbalanced locks, which may cause system...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from eventfs failing to properly hold the eventfsmutex and SRCU locks during re-mounting of events. Th...
Canonical Ubuntu Linux 安全漏洞
Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8, 6.17, and 7.0 versions contain security vulnerabilities. These vulnerabilities stem from incorrect sleep behavior when holding spin locks, which may lead to kernel panic ...
PT-2026-44235
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A memory corruption issue exists in the RDMA hns component. The function hns roce qp remove is called without the required locks during the error unwind process within the hns roce create q...
PT-2026-44291
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the Multipath TCP mptcp implementation where the use of lock sock fast an atomic context around the sock...
CVE-2026-24182
NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service...
GHSA-39VQ-49QM-R2MC Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions
TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...
Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions
TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...
EUVD-2025-209973
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in nireadfoliocmpr Syzbot reported a task hung in nireadpagecmpr now nireadfoliocmpr. This is caused by a lock inversion deadlock involving the inode mutex nilock and page locks. Scenario: 1. Task A enters...
CVE-2026-45924
In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbdvfskernpathendremoving on some error paths There are two places where ksmbdvfskernpathendremoving needs to be called in order to balance what the corresponding successful call to ksmbdvfskernpathstartremoving has...
CVE-2025-71309
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in nireadfoliocmpr Syzbot reported a task hung in nireadpagecmpr now nireadfoliocmpr. This is caused by a lock inversion deadlock involving the inode mutex nilock and page locks. Scenario: 1. Task A enters...
UBUNTU-CVE-2025-71309
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in nireadfoliocmpr Syzbot reported a task hung in nireadpagecmpr now nireadfoliocmpr. This is caused by a lock inversion deadlock involving the inode mutex nilock and page locks. Scenario: 1. Task A enters...
CVE-2026-46017
CVE-2026-46017 involves a Linux kernel race in the migration path for folios. The vulnerability stems from a deferred split queue race during migrate_folio_move(): dst can become visible and then be requeued too late, allowing a concurrent rmap-removal path to mark dst partially mapped and trigge...
PT-2026-43768
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A circular lock dependency exists within the netfilter nf tables component. This issue occurs when nft reset, ipset list, and iptables-nft with the -m set rule are executed simultaneousl...
CVE-2026-45907
net/mlx5e: Fix deadlocks between devlink and netdev instance locks...