24 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rhashtable: A potential deadlock was fixed by moving the schedulework outside of the lock. The check for hash table growth and the scheduling of work are moved outside of the rht lock to prevent a possible circular locking...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the srcugpstartifneeded function in tiny SRCU directly calling schedulework. This could lead to...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
SUSE-SU-2026:0939-1 Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7 RT)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.5 fixes various security issues The following security issues were fixed: - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds bsc1257629. - CVE-2025-38488: smb: client: fix use-after-free in...
SUSE SLES15 Security Update : kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7 RT) (SUSE-SU-2026:0940-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0940-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.3 fixes various security issues The following security issues were fixed: -...
kernel: mptcp: fix race condition in mptcp_schedule_work()
A race in mptcpschedulework could lead to a use-after-free: the function queued work and only then acquired a reference to the socket. If the worker ran to completion immediately, the subsequent sockhold operated on a freed object. Impact ranges from kernel crash DoS to potential privilege...
kernel: mptcp: fix race condition in mptcp_schedule_work()
A race in mptcpschedulework could lead to a use-after-free: the function queued work and only then acquired a reference to the socket. If the worker ran to completion immediately, the subsequent sockhold operated on a freed object. Impact ranges from kernel crash DoS to potential privilege...
Azure Linux 3.0 Security Update: kernel (CVE-2025-22014)
"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22014 advisory. - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject duplicate device on updates CVE-2025-38678 In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksmmadvise CVE-2025-40040 In the Lin...
mptcp: fix race condition in mptcp_schedule_work()
...
CVE-2025-40258
No description is available for this CVE. Mitigation If enabled, you may disable MPTCP support. For more information please read...
SUSE CVE-2025-40258
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
AZL-71380 CVE-2025-40258 affecting package kernel for versions less than 6.6.119.3-1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
CVE-2025-40258
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
UBUNTU-CVE-2025-40258
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
CVE-2025-40258 mptcp: fix race condition in mptcp_schedule_work()
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
CVE-2025-40258 mptcp: fix race condition in mptcp_schedule_work()
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
CVE-2025-40258
The CVE-2025-40258 issue is confirmed in connected advisories for the Linux kernel: a race in mptcp_schedule_work() could cause use-after-free via sock_hold/sock_put timing around scheduled work. The fix, as described in the advisory, reorders operations by holding the socket before scheduling an...
CVE-2025-40258
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
Linux Distros Unpatched Vulnerability : CVE-2025-22014
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential deadlock When some client process A call pdraddlookup to...