34 matches found
CVE-2026-54906
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can...
CVE-2026-54906
CVE-2026-54906 concerns the Ruby concurrency library concurrent-ruby, specifically the public API for Concurrent::ReadWriteLock . Prior to 1.3.7, two issues are reported: (1) release_write_lock does not verify that the calling thread held the write lock, allowing any thread with the lock to relea...
CVE-2026-54906 concurrent-ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can...
CVE-2026-54905
Technical details for CVE-2026-54905 are not publicly available in the provided connected documents. Monitor for updates from upstream advisories and vendor disclosures to determine affected versions, impact, and remediation.
CVE-2026-54905 concurrent-ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used...
Concurrent Ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
Summary Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still...
GHSA-6WX8-W4F5-WWCR Concurrent Ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
Summary Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still...
Concurrent Ruby - ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
Summary Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still...
PT-2026-46025
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock occurs in the ASoC fsl xcvr component due to an improper locking mechanism in the fsl xcvr mode put function. The issue arises when the function attempts to acquire the...
PT-2026-44244
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the DAMON sysfs interface. Direct reads and writes of the memcg path and path files can race, as the write operation deallocates the buffer pointed to by...
Astra Linux - уязвимость в linux
In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fixed the ordering in queuedwritelockslowpath While this code is executed with waitlock held, a reader can acquire the lock without holding waitlock. The writer checks the value using atomiccondreadacquire, but...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevents deadlock by changing j1939sockslock to rwlock. The following 3 locks may race against each other, causing a deadlock situation in the Syzbot bug report: - j1939sockslock - activesessionlistlock -...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of read-write lock protection, potentially leading to data competition issues...
MiracleLinux 3 : systemtap-1.6-7.AXS3 (AXSA:2012-344:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-344:01 advisory. SystemTap is an instrumentation system for systems running Linux 2.6. Developers can write instrumentation to collect data on the operation of the system...
CVE-2023-54324 dm: fix a race condition in retrieve_deps
In the Linux kernel, the following vulnerability has been resolved: dm: fix a race condition in retrievedeps There's a race condition in the multipath target when retrievedeps races with multipathmessage calling dmgetdevice and dmputdevice. retrievedeps walks the list of open devices without...
CVE-2025-40090 ksmbd: fix recursive locking in RPC handle list access
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 "ksmbd: Fix race condition in RPC handle list access", ksmbdsessionrpcmethod attempts to lock sess-rpclock. This causes hung connections / tasks wh...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986963)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986963 advisory. In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattrset|get and listxattr operations UBIFS may occur some problems with...
Linux Distros Unpatched Vulnerability : CVE-2025-38388
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Replace mutex with rwlock to avoid sleep in atomic context The current use...
UBUNTU-CVE-2025-38388
In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Replace mutex with rwlock to avoid sleep in atomic context The current use of a mutex to protect the notifier hashtable accesses can lead to issues in the atomic context. It results in the below kernel warnings:...
DEBIAN-CVE-2022-49850
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix deadlock in nilfscountfreeblocks A semaphore deadlock can occur if nilfsgetblock detects metadata corruption while locating data blocks and a superblock writeback occurs at the same time: task 1 task 2 ------ ------ A...