952 matches found
CVE-2026-53062
A flaw was found in the Linux kernel's device-mapper dm cache policy, specifically within the smq module. In passthrough mode, the invalidatemapping operation lacks proper locking, allowing for concurrent access. This can lead to data races, resulting in data corruption or use-after-free issues,...
CVE-2026-53062
The CVE-2026-53062 entry concerns the Linux kernel dm-cache policy smq. In passthrough mode, the invalidate_mapping operation can be invoked concurrently by multiple workers, and the lack of proper locking may cause data races on the allocated blocks counter and potential use-after-free issues in...
Improper Locking
Overview Affected versions of this package are vulnerable to Improper Locking in the releasewritelock and releasereadlock functions. An attacker can disrupt synchronization guarantees and exploit data races or cause denial of service by invoking these functions from unauthorized threads or withou...
Concurrent Ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
Summary Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still...
Wrap-around Error
Overview Affected versions of this package are vulnerable to Wrap-around Error in ReentrantReadWriteLock that causes incorrect write locks. An attacker can cause a thread to incorrectly obtain a write lock without exclusivity by repeatedly acquiring the read lock 32,768 times, which overflows the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ip: Fixed data races related to sysctlipfwdusepmtu. When reading from sysctlipfwdusepmtu, it can be changed concurrently. Therefore, we need to add a READONCE call to its readers...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fixed possible data races in gfs2showoptions Some fields such as gtlogdsecs of the struct gfs2tune are accessed without holding the lock gtspin in gfs2showoptions: val = sdp-sdtune.gtlogdsecs; if val != 30 seqprintfs,...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: Use DEVSTATSINC to avoid data races. syzbot/KCSAN reported that multiple CPUs are updating dev-stats.txerror concurrently. This occurs because sit tunnels use NETIFFLLTX, which means their ndostartxmit function is not...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpfastopenblackholetimeout. When reading sysctltcpfastopenblackholetimeout, it can be changed concurrently. Therefore, we need to add READONCE to its readers...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcprecovery. When reading sysctltcprecovery, it can be changed concurrently. Therefore, we need to add READONCE to its readers...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: Fixed issues related to data races around sk-skforwardalloc. Syzkaller reported this warning: ------------------ WARNING: CPU: 0 PID: 16 at net/ipv4/afinet.c:156 inetsockdestruct+0x1c5/0x1e0 Modules linked in: CPU: 0 UID:...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpminsndmss. When reading sysctltcpminsndmss, it can be changed concurrently. Therefore, we need to add READONCE to its readers...
Concurrent Ruby - ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
Summary Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from accessing the devicefolio after calling the foliofree function, potentially leading to data races...
SUSE CVE-2026-46267
In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llcshdlcdeinit purges SHDLC skb queues and frees the llcshdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule smwork...
CVE-2026-46017
CVE-2026-46017 involves a Linux kernel race in the migration path for folios. The vulnerability stems from a deferred split queue race during migrate_folio_move(): dst can become visible and then be requeued too late, allowing a concurrent rmap-removal path to mark dst partially mapped and trigge...
CVE-2026-46017
mm: fix deferred split queue races during migration...
pam_usb 代码问题漏洞
pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.1 contained code vulnerabilities. This vulnerability stemmed from the fact that the src/log.c file contained a process-level static pointer; each PAM ca...
[slackware-security] rsync
New rsync packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/rsync-3.4.3-i586-1slack15.0.txz: Upgraded. This update fixes security issues: TOCTOU symlink race condition allowing local privilege...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed the issue where the “vf” variable might be used without initialization in this function. To address the regression introduced by commit 52424f974bc5, which causes servers to hang under very difficult-to-reproduce...