34 matches found
EUVD-2022-54626
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix sleep from invalid context BUG. Taking the qos_mutex to process RoCEv2 QP's on netdev events causes a kernel splat. Fix this by removing the handling for RoCEv2 in irdma_cm_teardown_connections that uses the mutex. Thi...
EUVD-2013-3399
Malware in sbrugna...
EUVD-2024-53279
Malicious code in bioql PyPI...
CVE-2022-50386
CVE-2022-50386 is a Linux kernel Bluetooth L2CAP use‑after‑free vulnerability. The fix adds a guard by calling l2cap_chan_hold_unless_zero() after __l2cap_get_chan_blah() to prevent a use‑after‑free in l2cap_chan_destroy. Affected: Linux kernel Bluetooth L2CAP path; impact per sources is high (CV...
CVE-2025-38245
In the Linux kernel, the following vulnerability has been resolved: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). syzbot reported a warning below during atm_dev_register(). [0] Before creating a new device and procfs/sysfs for it, atm_dev_register() looks up a duplicated device by...
CVE-2025-38245 atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
In the Linux kernel, the following vulnerability has been resolved: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). syzbot reported a warning below during atm_dev_register(). [0] Before creating a new device and procfs/sysfs for it, atm_dev_register() looks up a duplicated device by...
CVE-2022-50035 drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex. If amdgpu_cs_vm_handling returns r != 0, then it will unlock the bo_list_mutex inside the function amdgpu_cs_vm_handling and again on amdgpu_cs_parser_fini. This problem results in the...
CVE-2022-49943
In CVE-2022-49943, the Linux kernel USB gadget udc_mutex scope was too large, allowing a lockdep alert/circular locking dependency when the gadget core invoked driver bind/unbind or started/stopped a UDC. The root cause is a widened udc_lock footprint that protected udc->driver among other thi...
CVE-2023-53122
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-23134
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Don't take register_mutex with copy_from/to_user(). The infamous mmap_lock taken in copy_from/to_user() can be often problematic when it's called inside another mutex, as they might lead to deadlocks. In the case of ALSA timer...
CVE-2025-22030
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead(). Currently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding the per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_lock through crypto_exit_scomp_ops_async(). On the...
CVE-2025-22098 drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set()
In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set(). Instead of attempting the same mutex twice, lock and unlock it. This bug has been detected by the Clang thread-safety analyzer...
CVE-2025-22030 mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead(). Currently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding the per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_lock through crypto_exit_scomp_ops_async(). On the...
CVE-2025-21853 bpf: avoid holding freeze_mutex during mmap operation
In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation. We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The way we naively do this means we'll hold freeze_mutex...
CVE-2022-49606
CVE-2022-49606 affects the Linux kernel RDMA/irdma path. The issue is a sleep (mutex) operation taken to process RoCEv2 QPs on netdev events, which can trigger a BUG: sleeping function called from invalid context in mutex_lock and lead to a kernel crash. The fix removes RoCEv2 handling in irdma_c...
CVE-2024-56631
Summary: CVE-2024-56631 affects the Linux kernel SCSI sg driver, fixed in sg_release() to avoid slab-use-after-free. The bug occurred when kref_put(&sfp->f_ref, sg_remove_sfp) was called before releasing the open_rel_lock mutex, potentially freeing sfp/sdp and then dereferencing them after unl...
CVE-2024-56631 scsi: sg: Fix slab-use-after-free read in sg_release()
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release(). Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5838...
ALSA-2024:5928 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nf_tables: nft_set_rbtree skip end interval element from gc (CVE-2024-26581); kernel: netfilter: nft_limit: reject configurations that cause integer overflow (CVE-2024-26668); kernel: vfio/pci: Loc...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix panic when DSA master device unbinds on shutdown (CVE-2022-48808). In the Linux kernel, the following vulnerability has been resolved: nfsd: call op_release, even when op_func returns an error...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If the...