CVE-2026-23066

CVE-2026-23066 concerns the Linux kernel RXRPC receive path. The issue arises in rxrpc_recvmsg() where, if MSG_DONTWAIT is requested and the front of the recvmsg queue has its mutex held, the call is unconditionally requeued, potentially corrupting the recvmsg queue and causing Use-After-Frees or...

SUSE CVE-2025-38524

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...

DEBIAN-CVE-2025-21670

In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the transport at NULL, for example after a failed...

CVE-2024-44996

A vulnerability was found in the Linux kernel related to vsock, involving recursive calls due to BPF sockmap integration. When a vsock socket was added to a BPF sockmap, the prot-recvmsg function was replaced with vsockbpfrecvmsg. This could lead to recursion as vsockbpfrecvmsg called vsockrecvms...

DEBIAN-CVE-2024-26886

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: afbluetooth: Fix deadlock Attemting to do socklock on .recvmsg may cause a deadlock as shown bellow, so instead of using socksock this uses skreceivequeue.lock on btsockioctl to avoid the UAF: INFO: task kworker/u9:1:1...