CVE-2026-52906

CVE-2026-52906 (Linux kernel 9p/v9fs) : The issue arises from how 9p options are applied during mounts. After commit 1f3e4142, v9fs_apply_options() uses |= to combine new flags with those already set by v9fs_session_init(), which for 9P2000.L defaults to V9FS_ACCESS_CLIENT. When a user mounts wit...

CVE-2026-31437

A flaw was found in the Linux kernel's netfs component. When a write operation is retried, the netfsunbufferedwrite function can attempt to access a non-existent function, leading to a NULL pointer dereference. This vulnerability can be triggered by specific filesystem configurations, such as 9P,...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010958)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010958 advisory. In the Linux kernel, the following vulnerability has been resolved: net/9p: fix double req put in p9fdcancelled Syzkaller reports a KASAN issue as below: general...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993166)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993166 advisory. In the Linux kernel, the following vulnerability has been resolved: 9p/transfd: always use ONONBLOCK read/write syzbot is reporting hung task at p9fdclose 1, for...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50253: bpf: make sure skb-len != 0 when redirecting to a tunneling device bsc1249912. CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in...

net/9p: fix double req put in p9_fd_cancelled

...

UBUNTU-CVE-2025-40027

In the Linux kernel, the following vulnerability has been resolved: net/9p: fix double req put in p9fdcancelled Syzkaller reports a KASAN issue as below: general protection fault, probably for non-canonical address 0xfbd59c0000000021: 0000 1 PREEMPT SMP KASAN NOPTI KASAN: maybe wild-memory-access...

Linux Distros Unpatched Vulnerability : CVE-2025-40027

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/9p: fix double req put in p9fdcancelled Syzkaller reports a KASAN issue as below: general protection fault, probably for non-canonical address...

9p: add missing locking around taking dentry fid list

...

The vulnerability of the p9_socket_open() function in the net/9p/trans_fd.c module of the 9P protocol implementation in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the p9socketopen function in the net/9p/transfd.c module of the 9P protocol implementation in the Linux operating system is related to the failure to release resources after their useful period has ended. Exploiting this vulnerability could allow an attacker to cause service...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the 9p protocol not properly handling fid reference counts when atoms are opened...

Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059153 fixes several issues. The following security issues were fixed: CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv6...

Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059158 fixes several issues. The following security issues were fixed: CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1232637...

Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059164 fixes several issues. The following security issues were fixed: CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. CVE-2021-47598: schcake: do not call...

Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024194 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalancechildren bsc1227472. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2023-52752: smb:...

CLSA-2024-1723809480 Fix of 39 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-36939 - NFS: Cleanup - add nfsclientsexit to mirror nfsclientsinit - nfs: expose /proc/net/sunrpc/nfs in net namespaces - sunrpc: add a struct rpcstats arg to rpccreateargs - nfs: make the rpcstat per net namespace - nfs: Handle error of rpcprocregist...

CLSA-2024-1723806933 Fix of 55 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-39467 - f2fs: fix to do sanity check on ixattrnid in sanitycheckinode CVE-url: https://ubuntu.com/security/CVE-2024-36940 - pinctrl: core: delete incorrect free in pinctrlenable CVE-url: https://ubuntu.com/security/CVE-2024-38659 - enic: Validate leng...

PT-2022-36383 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.225 Description: The issue is related to the trans fd/p9 conn cancel function in the 9p protocol, where the client lock is dropped earlier than expected. The actual impact and attack plausibility have not y...