34 matches found
Race Condition
Overview github.com/xyproto/algernon/engine is a Affected versions of this package are vulnerable to Race Condition. in the handle process due to the sync.RWMutex being released before L.Push and L.PCall execute. An attacker can cause Lua VM corruption or unpredictable server behavior by making...
EUVD-2026-31866
Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The commit mutex should not be released during the critical section between nftgcseqbegin and nftgcseqend. Otherwise, the async GC worker could collect expired objects and obtain the released commit lock with...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011041)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011041 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release mutex after nftgcseqend from abort path The commit mutex should not ...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38245)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38245 advisory. - In the Linux kernel, the following vulnerability has been resolved: atm: Release atmdevmutex after removing...
UBUNTU-CVE-2023-53816
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgdmem UAFs kgdmem pointers returned by kfdprocessdevicetranslatehandle are only guaranteed to be valid while p-mutex is held. As soon as the mutex is unlocked, another thread can free the BO...
CVE-2023-53816 drm/amdkfd: fix potential kgd_mem UAFs
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgdmem UAFs kgdmem pointers returned by kfdprocessdevicetranslatehandle are only guaranteed to be valid while p-mutex is held. As soon as the mutex is unlocked, another thread can free the BO...
Linux Distros Unpatched Vulnerability : CVE-2023-53816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdkfd: fix potential kgdmem UAFs kgdmem pointers returned by kfdprocessdevicetranslatehandle are only guaranteed to be valid while p-mutex is held. As soon...
CVE-2025-40231
CVE-2025-40231 (Linux kernel) relates to a vsock lock inversion in vsock_assign_transport() where vsock_register_mutex is held during a call that may call vsock_linger(). The commit adding vsock_register_mutex around transport->release() around sk_lock can create circular dependency when vsock...
PT-2025-49058
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to a lock inversion deadlock between vsock register mutex and sk lock-AF VSOCK when the vsock linger function is called. This issue stemmed from ...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-403828)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-403828 advisory. In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in createpinctrl when handling -EPROBEDEFER In createpinctrl,...
CVE-2023-53580
In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget's configuration. The panic involves a somewhat complicated...
UBUNTU-CVE-2023-53580
In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget's configuration. The panic involves a somewhat complicated...
CVE-2023-53580 USB: Gadget: core: Help prevent panic during UVC unconfigure
In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget's configuration. The panic involves a somewhat complicated...
EUVD-2025-20816
Malicious code in bioql PyPI...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-46733: btrfs: fix qgroup reserve leaks in cowfilerange bsc1230708. CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points bsc1232089...
atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
...
UBUNTU-CVE-2025-38373
In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix potential deadlock in MR deregistration The issue arises when kzalloc is invoked while holding umemmutex or any other lock acquired under umemmutex. This is problematic because kzalloc can trigger fsreclaimaqcuire,...
CVE-2024-57807 scsi: megaraid_sas: Fix for a potential deadlock
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraidsas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 CPU1 ---- ---- lock&instance-resetmutex; lock&shost-scanmutex; lock&instance-resetmutex;...
Siemens SCALANCE and RUGGEDCOM Devices Improper Locking (CVE-2024-26925)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release mutex after nftgcseqend from abort path The commit mutex should not be released during the critical section between nftgcseqbegin and nftgcseqend, otherwise, async GC worker could collect expired...