EUVD-2026-32235

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the checkpseudobtfid function is incorrect: the checkpseudobtfid function might get called with a zero refcounted btf. Fix this, and patch related code accordingly...

CVE-2026-45984

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head dibh is being released prematurely in gfs2iomapbegin via releasemetapath while iomap-inlinedata still points to dibh-bdata. This causes a...

UBUNTU-CVE-2026-45996

In the Linux kernel, the following vulnerability has been resolved: spi: imx: fix use-after-free on unbind The SPI subsystem frees the controller and any subsystem allocated driver data as part of deregistration unless the allocation is device managed. Take another reference before deregistering...

CVE-2026-45996 spi: imx: fix use-after-free on unbind

In the Linux kernel, the following vulnerability has been resolved: spi: imx: fix use-after-free on unbind The SPI subsystem frees the controller and any subsystem allocated driver data as part of deregistration unless the allocation is device managed. Take another reference before deregistering...

CVE-2026-45996

The CVE-2026-45996 issue affects the Linux kernel SPI imx driver, where a use-after-free can occur on unbind because the SPI subsystem frees controller and subsystem data during deregistration unless the allocation is device-managed. The fix adds a reference before deregistering the controller so...

CVE-2026-45981

In CVE-2026-45981, the Linux kernel s390/cio path css_alloc_subchannel() calls device_initialize() before configuring DMA masks. If dma_set_coherent_mask() or dma_set_mask() fails, the error path frees the subchannel directly, bypassing the device model reference counting. After device_initialize...

CVE-2026-45951 bpf: Fix a potential use-after-free of BTF object

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the checkpseudobtfid function is incorrect: the checkpseudobtfid function might get called with a zero refcounted btf. Fix this, and patch related code accordingly...

CVE-2026-45951

The CVE-2026-45951 issue affects the Linux kernel BPF subsystem, caused by incorrect reference counting in check_pseudo_btf_id() that could cause a use-after-free of a BTF object. The mitigation is a kernel patch that fixes the refcount handling (and related code). RedHat notes potential privileg...

PT-2026-43818

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the check pseudo btf id function is incorrect: the check pseudo btf id function might get called with a zero refcounted btf. Fix this, and patch related code...

PT-2026-43915

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A reference count leak occurs in the ALSA caiaq component of the Linux kernel during probe failure. The create card function increases the reference count of the USB device using usb get de...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from incorrect reference counting of BTF objects in the checkpseudobtfid function. This vulnerability...

PT-2026-43863

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the SPI subsystem of the Linux kernel. The subsystem frees the controller and any allocated driver data during deregistration, unless the allocation is...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an incorrect inference of the zero-copy status during the cleanup phase before messages are...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Implement a reference counter for SRB The timeout handler and the done function are competing with each other. When qla2x00iocbtimeout starts to execute, it may be preempted by the normal response path via the...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered The powersupply framework is not actually designed to have long references to powersupply devices in the kernel. Specifically, unregistering a powersuppl...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fixed the crash caused by hcisuspendsync. If hciunregisterdev frees the hcidev object, but hcisuspendnotifier may still access it, this can cause the program to crash. Here is the call trace: 102152.653246 Call Trace:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915: Fixed the reference counting during error capture and debugfs dump. When GuC support was added to error capture, the reference counting around the request object was broken. This issue has been fixed. The context-bas...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix for ofk3udmaglueParsechnbyid The ofk3udmaglueParsechnbyid helper function erroneously invokes “ofnodeput” on the “udmaxnp” device node that was passed to it. Additionally, its reference count was...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevents deadlock by changing j1939sockslock to rwlock The following 3 locks may race against each other, causing a deadlock situation in the Syzbot bug report: - j1939sockslock - activesessionlistlock -...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against changes to devlec. It appears that there were calls to devput without prior calls to devhold, leading to imbalances and Universal Arbitrary...