CVE-2026-43981

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

CVE-2026-43981

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: atm: The atmdevmutex is released after removing procfs in atmdevderegister. syzbot reported a warning during atmdevregister. 0 Before creating a new device and procfs/sysfs for it, atmdevregister looks up a duplicate device throu...

CVE-2023-53816

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgdmem UAFs kgdmem pointers returned by kfdprocessdevicetranslatehandle are only guaranteed to be valid while p-mutex is held. As soon as the mutex is unlocked, another thread can free the BO...

Linux Distros Unpatched Vulnerability : CVE-2025-38245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - atm: Release atmdevmutex after removing procfs in atmdevderegister. syzbot reported a warning below during atmdevregister. 0 Before creating a new device and...

PT-2025-30016

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's eventpoll implementation where the epoll reference count is decremented while still holding the ep mutex. This can lead to a use-after-free condition...

PT-2025-28873

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was discovered in the Linux kernel related to the handling of the atm dev mutex within the ATM Asynchronous Transfer Mode subsystem. Specifically, the mutex was not being releas...

CVE-2022-49980

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free Read in usbudcuevent The syzbot fuzzer found a race between uevent callbacks and gadget driver unregistration that can cause a use-after-free bug:...

SUSE CVE-2022-49286

In the Linux kernel, the following vulnerability has been resolved: tpm: use trygetops in tpm-space.c As part of the series conversion to remove nested TPM operations: https://lore.kernel.org/all/[email protected]/ exposure of the chip-tpmmutex was removed fro...

DEBIAN-CVE-2022-49286

In the Linux kernel, the following vulnerability has been resolved: tpm: use trygetops in tpm-space.c As part of the series conversion to remove nested TPM operations: https://lore.kernel.org/all/[email protected]/ exposure of the chip-tpmmutex was removed fro...

UBUNTU-CVE-2022-49286

In the Linux kernel, the following vulnerability has been resolved: tpm: use trygetops in tpm-space.c As part of the series conversion to remove nested TPM operations: https://lore.kernel.org/all/[email protected]/ exposure of the chip-tpmmutex was removed fro...

CVE-2024-57900

CVE-2024-57900 is a Linux kernel vulnerability affecting the ila subsystem. A race in ila_add_mapping() can occur with concurrent ILA_CMD_ADD commands, observed as KASAN slab-use-after-free traces. The provided fix adds a mutex to ensure at most one thread calls nf_register_net_hooks(), preventin...

DEBIAN-CVE-2024-53100

In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...

CVE-2024-53100 nvme: tcp: avoid race between queue_lock lock and destroy

In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...

SUSE CVE-2022-0897

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver-nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver-nwfilters object. This fl...

USN-4540-1 atftp vulnerabilities

Denis Andzakovic discovered that atftpd incorrectly handled certain malformed packets. A remote attacker could send a specially crafted packet to cause atftpd to crash, resulting in a denial of service. CVE-2019-11365 Denis Andzakovic discovered that atftpd did not properly lock the thread list...