CVE-2026-52925

The CVE-2026-52925 entry relates to the Linux kernel VRF handling. The vulnerability arose from a race where an RCU reader identifying a net device as a VRF port could dereference l3mdev operations of a master device (e.g., a bridge) after netdev_master_upper_dev_get_rcu() returned it as a VRF de...

kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()

A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...

kernel: smc: Fix use-after-free in __pnet_find_base_ndev()

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in pnetfindbasendev. syzbot reported use-after-free of netdevice in pnetfindbasendev, which was called during connect. 0 smcpnetfindismresource fetches skdstgetsk-dev and passes down to pnetfindbasendev,...

kernel: net: use dst_dev_rcu() in sk_setup_caps()

In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. Also use dstdevrcu in ip6dstmtumaybeforward, and ipdstmtumaybeforward. ip4dsthoplimit can use dstdevnetrcu...

CVE-2026-52910

The CVE concerns the Linux kernel: a reuseport cBPF program could be freed without waiting for an RCU grace period, via sk_reuseport_prog_free() when detaching from the setsockopt path. The underlying issue is that bpf_release_orig_filter() and bpf_prog_free() destruct the cBPF program too early,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Ensure that dma-fences comply with safe access rules. The xe mechanism can free some of the data pointed to by the dma-fences it exports. Notably, the “timeline name” can be freed if the user space closes the associated...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Net: Restrict SOREUSEPORT to inet sockets. After the bug was identified, crypto sockets could accidentally be destroyed due to a RCU call back, as discovered by zyzbot 1. Attempting to acquire a mutex in an RCU callback is not...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: - BPF: The rcureadlockTraceheld function in bpfmaplookuppercpuelem needs to be checked. The bpfmaplookuppercpuelem helper function is also available for sleepable BPF programs. When BPF JIT is disabled or on a 32-bit host,...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proccpusetshow A UAF can occur when reading /proc/cpuset, as reported in 1. This issue can be reproduced using the following methods: 1. Add an mdelay1000 before acquiring the cgrouplock in the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hsr: It is necessary to hold the rcu lock and dev lock during the execution of hsrgetportndev. The hsrgetportndev function calls hsrforeachport, which requires holding the rcu lock. On the other hand, before returning the port...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: Use skdstget and dstdevrcu in mptcpactiveenable. mptcpactiveenable is called from subflowfinishconnect, which is icsk-icskafops-skrxdstset. This call is not always under a RCU context. Using skdstgetsk-dev could lead to...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ila: Call nfunregisternethooks earlier. Syzbot discovered a use-after-free in ilanfinput 1. The issue arises from ilaxlatexitnet freeing the rhashtable, followed by the call to nfunregisternethooks. This should be done in the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevented RCU stalls in kasanreleasevmallocnode When CONFIGPAGEOWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: SUNRPC: Fixed a suspicious RCU usage warning I received the following warning while running cthon on an Ontap server running pNFS: 57.202521 ============================= 57.202522 WARNING: Suspicious RCU usage 57.202523...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: batman-adv: The unmanaged ELP worker is removed. The ELP worker needs to calculate new metric values for all “reachable” neighbors via an interface. Some of the metric calculation functions require locks, which may need to be...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/sched: fqpie: prevent dismantle issue For some reason, the fqpieDestroy function did not copy the working code from pieDestroy and other related functions, resulting in a persistent bug. Before calling...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: Defer the release of memory until after the rcu readers have finished their operations. Yiming Qian reported a UaF issue when a concurrent process was dumping hooks via nfnetlinkhooks. Bug: KASAN: A...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables – Release flowtable after the rcu grace period with an error. The function synchronizercu is called after unregistering the hooks from the error path. This is because a hook that already references this...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ftrace: Fixed a use-after-free issue related to dynamic ftraceops. KASAN reported a use-after-free when using ftrace. It was discovered that perf registered two ftrace operations with the same content, both being dynamic. Afte...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Use hdev-workqueue when scheduling hdev-cmd,ncmdtimer works. syzbot reports that an attempt is made to schedule hdev-cmdwork from systemwq to hdev-workqueue WQ, which is currently in a draining operation 1. Commit...