Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989578)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989578 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix quota root leak after quota disable failure If during the quota disable we fai...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989889)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989889 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: fix reference counting for struct tpmchip The following sequence of operations results in a...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against devlec changes. It appears that there were calls to devput without prior calls to devhold, leading to imbalance and UAF Use-after-Allocation...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drbd: Added krefget to the handlewriteconflicts function. With “two-primaries” enabled, DRBD attempts to detect “concurrent” writes and handle write conflicts. This ensures that even if you write to the same sector simultaneously...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: tls: Separating the handling of no-async decryption requests from async. If we are not using async, the handling is much simpler. There is no reference counting; we simply need to wait for the completion to wake us up and return...

CVE-2025-40096 drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drmschedjobaddresvdependencies When adding dependencies with drmschedjobadddependency, that function consumes the fence reference both on success and failure, so in the latter case the...

CVE-2025-40096

Summary: CVE-2025-40096 in the Linux kernel relates to the drm_sched subsystem. The issue is a double free involving dma_fence_ref in drm_sched_job_add_resv_dependencies, triggered when adding dependencies via drm_sched_job_add_dependency() and on the error path. The double-free is described as h...

drm/i915: Fix request ref counting during error capture & debugfs dump

...

kernel: tls: separate no-async decryption request handling from async

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...

CVE-2025-40064

The CVE-2025-40064 issue affects the Linux kernel’s SMC (smc) path during connect() where a use‑after‑free can occur when net_device is accessed after it is freed in __pnet_find_base_ndev(). The root cause is a race around fetching dst->dev and using it after the device’s lifetime, with RTNL h...

CVE-2025-40024

In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in struct vhosttask. vhosttaskcreate creates a task and keeps a reference to its taskstruct. That task may exit early via a signal and its taskstruct will be released. A pending vhosttaskwake...

CVE-2025-40024 vhost: Take a reference on the task in struct vhost_task.

In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in struct vhosttask. vhosttaskcreate creates a task and keeps a reference to its taskstruct. That task may exit early via a signal and its taskstruct will be released. A pending vhosttaskwake...

CVE-2025-40024

CVE-2025-40024 relates to the Linux kernel vhost subsystem. The issue arises in vhost_task_create(), where a task is created and a reference to its task_struct is held; if the task exits early via a signal, its task_struct can be released, causing vhost_task_wake() to access a freed object. The f...

CVE-2025-40024 vhost: Take a reference on the task in struct vhost_task.

In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in struct vhosttask. vhosttaskcreate creates a task and keeps a reference to its taskstruct. That task may exit early via a signal and its taskstruct will be released. A pending vhosttaskwake...

spi: cadence-quadspi: Implement refcount to handle unbind during busy

...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987552)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987552 advisory. In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcomq6v5mss: Fix some leaks in q6v5allocmemoryregion The devicenode pointer is return...

CVE-2025-40002

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix use-after-free in tbdpdprxwork The original code relies on canceldelayedwork in tbdpdprxstop, which does not ensure that the delayed work item tunnel-dprxwork has fully completed if it was already running. This...

CVE-2025-40007

CVE-2025-40007 — Linux kernel netfs reference leak (concrete details) The issue is in netfs: fix reference leak inside the Linux kernel’s netfs code. A commit (20d72b00ca81) changed netfs_alloc_request() to initialize the reference counter to 2 instead of 1, under the assumption that the request’...

CVE-2025-40007 netfs: fix reference leak

In the Linux kernel, the following vulnerability has been resolved: netfs: fix reference leak Commit 20d72b00ca81 "netfs: Fix the request's work item to not require a ref" modified netfsallocrequest to initialize the reference counter to 2 instead of 1. The rationale was that the requet's "work"...

CVE-2025-40007 netfs: fix reference leak

In the Linux kernel, the following vulnerability has been resolved: netfs: fix reference leak Commit 20d72b00ca81 "netfs: Fix the request's work item to not require a ref" modified netfsallocrequest to initialize the reference counter to 2 instead of 1. The rationale was that the requet's "work"...