Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsgctrldev and cdev struct rpmsgctrldev contains a struct cdev. The current code frees the rpmsgctrldev struct in rpmsgctrldevreleasedevice, but the cdev is a managed object, therefo...

CVE-2026-31656

A flaw was found in the Linux kernel's i915 graphics driver. A race condition exists between the heartbeat worker and intelengineparkheartbeat functions when releasing an engine request. This can lead to a reference count refcount underflow, resulting in a use-after-free vulnerability. A local...

CVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release path

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix use-after-free in encoder release path The fopsvcodecrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-encodework. This creates a race window...

CVE-2026-31504

In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packetrelease via NETDEVUP race packetrelease has a race window where NETDEVUP can re-register a socket into a fanout group's arr array. The re-registration is not cleaned up by fanoutrelease, leaving a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005556)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005556 advisory. In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcmsendmsg for the same socket. syzkaller reported UAF in kcmrelease. 0 The scenar...

CVE-2026-23120

Technical details for CVE-2026-23120 are not provided in the connected documents. The Initial Description summarizes the race but does not specify affected products or fixes. Monitor vendor advisories for concrete remediation guidance.

MiracleLinux 9 : thunderbird-102.14.0-1.el9.ML.1 (AXSA:2023-6344:22)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6344:22 advisory. Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix unlikely race in gdlmputlock In gdlmputlock, there is a small window of time in which the DFLUNMOUNT flag has been set but the lockspace hasn't been released, yet. In that window, dlm may still call gdlmast and gdlmbast...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986302)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986302 advisory. In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsgctrldev and cdev struct rpmsgctrldev contains a...

DEBIAN-CVE-2022-50405

In the Linux kernel, the following vulnerability has been resolved: net/tunnel: wait until all skuserdata reader finish before releasing the sock There is a race condition in vxlan that when deleting a vxlan device during receiving packets, there is a possibility that the sock is released after...

PT-2025-37513

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition exists in the sock map free function within the kernel's bpf and sockmap implementation. Specifically, sock map free calls release socksk without holding a reference t...

SUSE CVE-2025-38717

In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...

DEBIAN-CVE-2025-38717

In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...

CVE-2025-38717

CVE-2025-38717 – net/kcm race condition (Linux kernel) : Syzbot observed a race between kcm_unattach(psock) and kcm_release(kcm). The bug stems from a missing check of the flag kcm->tx_stopped before queue_work(), which can allow requeuing kcm->tx_work between cancel_work_sync() and unreser...

DEBIAN-CVE-2022-50217

In the Linux kernel, the following vulnerability has been resolved: fuse: write inode in fuserelease A race between write2 and close2 allows pages to be dirtied after fuseflush - writeinodenow. If these pages are not flushed from fuserelease, then there might not be a writable open file later. So...

UBUNTU-CVE-2022-50217

In the Linux kernel, the following vulnerability has been resolved: fuse: write inode in fuserelease A race between write2 and close2 allows pages to be dirtied after fuseflush - writeinodenow. If these pages are not flushed from fuserelease, then there might not be a writable open file later. So...

UBUNTU-CVE-2022-49919

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release flow rule object from commit path No need to postpone this to the commit release path, since no packets are walking over this object, this is accessed from control plane only. This helped uncovered UA...

CVE-2022-49920 netfilter: nf_tables: netlink notifier might race to release objects

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: netlink notifier might race to release objects commit release path is invoked via callrcu and it runs lockless to release the objects after rcu grace period. The netlink notifier handler might win race to...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel that stems from the mm/khugepaged component not properly locking anonvma when releasing pmd, which could lead t...