Linux Distros Unpatched Vulnerability : CVE-2026-46036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its valu...

CVE-2026-45151

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...

CVE-2026-45151

NanoMQ (0.24.8 and earlier) contains a NULL substream pointer dereference in quic_stream_recv when a substream is reopening. The vulnerable code finishes AIO with an error but does not return before locking c->mtx, indicating a potential NULL dereference and an unlocked/locked state issue in t...

EUVD-2026-33429

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...

CVE-2026-46202

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: run inactivity autodim from workqueues The autodim code in hid-appletb-kbd takes backlightdevice-opslock via backlightdevicesetbrightness - mutexlock from two different atomic contexts: appletbinactivitytimer is...

CVE-2026-46106

In the Linux kernel, the following vulnerability has been resolved: eventfs: Hold eventfsmutex and SRCU when remount walks events Commit 340f0c7067a9 "eventfs: Update all the eventfsinodes from the events descriptor" had eventfssetattrs recurse through ei-children on remount. The walk only holds...

EUVD-2026-32829

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: run inactivity autodim from workqueues The autodim code in hid-appletb-kbd takes backlightdevice-opslock via backlightdevicesetbrightness - mutexlock from two different atomic contexts: appletbinactivitytimer is...

CVE-2026-46202 HID: appletb-kbd: run inactivity autodim from workqueues

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: run inactivity autodim from workqueues The autodim code in hid-appletb-kbd takes backlightdevice-opslock via backlightdevicesetbrightness - mutexlock from two different atomic contexts: appletbinactivitytimer is...

EUVD-2026-32784

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it may lead to more sever...

SUSE CVE-2026-46008

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damoswalk vs kdamondfn exit race When kdamondfn main loop is finished, the function cancels remaining damoswalk request and unset the damonctx-kdamond so that API callers and API functions themselves can show t...

SUSE CVE-2026-46036

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...

PT-2026-44280

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A data race exists in the ALSA PCM OSS component when accessing the runtime.oss.trigger field. Because this field is a bit field, concurrent access without protection can cause writes to...

CVE-2026-46036

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...

CVE-2026-45949

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and workstruct to fix race condition Currently, hwrngfill is not cleared until the hwrngfillfn thread exits. Since hwrngunregister reads hwrngfill outside the rngmutex lock, a concurrent hwrngunregister may...

PT-2026-43903

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the vfio/cdx component. The function vfio cdx set msi trigger reads vdev-config msi and operates on the vdev-cdx irqs array without proper serialization...

PT-2026-43816

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and work struct to fix race condition Currently, hwrng fill is not cleared until the hwrng fillfn thread exits. Since hwrng unregister reads hwrng fill outside the rng mutex lock, a concurrent hwrng unregist...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In the blkmqunquiescetagset function, it is necessary to use RCU instead of set-taglistlock. The blkmqadd,delqueuetagset functions add and remove queues from the tagset. These functions ensure that the tagset and queues are marke...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fixed atomic context locking issue The ncmsetalt function was holding a mutex to prevent race conditions with configfs. This function invokes the mightsleep function within an atomic context. The struct pointer...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fixed an oops error when unloading drivers that are parallel to each other. When the hclge driver is unloaded, it attempts to disable sriov first for each aedev node from hnae3aedevlist. If the hns3 driver is unloaded ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: usb: r8152: fix resume reset deadlock The rtl8152 function can trigger a device reset during a reset process, which potentially leads to a deadlock. DPM device timeout after 10 seconds; 15 seconds until panic Call Trace:...