GHSA-WV3X-4VXV-WHPP Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity

Summary Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITELOCKHELD...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ipv4: iptunnel: A suspicious RCU usage warning was fixed in iptunnelinitflow. There are code paths where the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning 1. The issue was fixed...

UBUNTU-CVE-2026-46319

In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...

EUVD-2026-35409

In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...

CVE-2026-46319 net/sched: act_ct: Only release RCU read lock after ct_ft

In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...

CVE-2026-46319

In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability stems from the tcfctflowtableget function in actct, which releases the RCU read lock within the...

CVE-2026-46262

A flaw was found in the Linux kernel's audio subsystem, specifically in the fslxcvr module. This vulnerability allows a local user to trigger a deadlock condition within the system. By attempting to acquire a read lock while already holding a write lock in the same process, the system can become...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility of deadlock occurring when the shadow stack signals hold a mmap read lock during signal...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: The issue related to “slab-use-after-free” in inetlookupestablished has been fixed. The lookups in the ehash table are performed without locking, and they rely on SLABTYPESAFEBYRCU to ensure the stability of socket memory...

Astra Linux - уязвимость в linux, linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: BPF: Check rcureadlockTraceheld before calling BPF map helpers. These three BPFmaplookup,update,deleteelem helpers are also available for sleepable BPF programs. Therefore, add the corresponding lock assertions for sleepable B...

kernel: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld in bpfmaplookuppercpuelem bpfmaplookuppercpuelem helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpfmaplookuppercpuelem will not be inlined. Using...

SUSE CVE-2026-43109

In the Linux kernel, the following vulnerability has been resolved: x86: shadow stacks: proper error handling for mmap lock 김영민 reports that shstkpopsigframe doesn't check for errors from mmapreadlockkillable, which is a silly oversight, and also shows that we haven't marked those functions with...

CVE-2026-43358

In the Linux kernel, the following vulnerability has been resolved: btrfs: add missing RCU unlock in error path in tryreleasesubpageextentbuffer Call rcureadlock before exiting the loop in tryreleasesubpageextentbuffer because there is a rcureadunlock call past the loop. This has been detected by...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from ksmbd releasing the oplockinfo immediately during critical sections like opinfoget and...

CVE-2026-43109

A flaw was found in the Linux kernel's x86 shadow stacks implementation. An oversight in the shstkpopsigframe function's error handling for mmapreadlockkillable could lead to unexpected behavior. This vulnerability involves improper error checking during memory management operations...

EUVD-2026-27629

In the Linux kernel, the following vulnerability has been resolved: x86: shadow stacks: proper error handling for mmap lock 김영민 reports that shstkpopsigframe doesn't check for errors from mmapreadlockkillable, which is a silly oversight, and also shows that we haven't marked those functions with...

CVE-2026-43109

In the Linux kernel, the following vulnerability has been resolved: x86: shadow stacks: proper error handling for mmap lock 김영민 reports that shstkpopsigframe doesn't check for errors from mmapreadlockkillable, which is a silly oversight, and also shows that we haven't marked those functions with...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the shstkpopsigframe function not checking the return value of mmapreadlockkillable and not marki...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: zsmalloc: Fixed races between asynchronous zspage free operations and page migration. The asynchronous zspage free worker attempts to lock the entire page list of a zspage, without protecting against page migration. Since page...