24 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rhashtable: A potential deadlock was fixed by moving the schedulework outside of the lock. The check for hash table growth and work scheduling were moved outside of the rht lock to prevent a possible circular locking dependency...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: fixed a race condition in mptcpschedulework syzbot reported a use-after-free in mptcpschedulework 1 The issue arises from mptcpschedulework scheduling a task, then checking the refcount of sk-skrefcnt if the task was...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the srcugpstartifneeded function in tiny SRCU directly calling schedulework. This could lead to...
SUSE-SU-2026:0939-1 Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7 RT)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.5 fixes various security issues The following security issues were fixed: - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds bsc1257629. - CVE-2025-38488: smb: client: fix use-after-free in...
SUSE SLES15 Security Update : kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7 RT) (SUSE-SU-2026:0940-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0940-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.3 fixes various security issues The following security issues were fixed: -...
kernel: mptcp: fix race condition in mptcp_schedule_work()
A race in mptcpschedulework could lead to a use-after-free: the function queued work and only then acquired a reference to the socket. If the worker ran to completion immediately, the subsequent sockhold operated on a freed object. Impact ranges from kernel crash DoS to potential privilege...
kernel: mptcp: fix race condition in mptcp_schedule_work()
A race in mptcpschedulework could lead to a use-after-free: the function queued work and only then acquired a reference to the socket. If the worker ran to completion immediately, the subsequent sockhold operated on a freed object. Impact ranges from kernel crash DoS to potential privilege...
Azure Linux 3.0 Security Update: kernel (CVE-2025-22014)
"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22014 advisory. - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject duplicate device on updates CVE-2025-38678 In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksmmadvise CVE-2025-40040 In the Lin...
mptcp: fix race condition in mptcp_schedule_work()
...
CVE-2025-40258
No description is available for this CVE. Mitigation If enabled, you may disable MPTCP support. For more information please read...
SUSE CVE-2025-40258
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
CVE-2025-40258
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
AZL-71380 CVE-2025-40258 affecting package kernel for versions less than 6.6.119.3-1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
UBUNTU-CVE-2025-40258
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
CVE-2025-40258 mptcp: fix race condition in mptcp_schedule_work()
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
CVE-2025-40258
The CVE-2025-40258 issue is confirmed in connected advisories for the Linux kernel: a race in mptcp_schedule_work() could cause use-after-free via sock_hold/sock_put timing around scheduled work. The fix, as described in the advisory, reorders operations by holding the socket before scheduling an...
CVE-2025-40258 mptcp: fix race condition in mptcp_schedule_work()
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
CVE-2025-40258
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
Linux Distros Unpatched Vulnerability : CVE-2025-22014
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential deadlock When some client process A call pdraddlookup to...