CVE-2026-53262

Affected component: Linux kernel l2tp PPPoL2TP ioctl path. The vulnerability arises because pppol2tp_ioctl() read sock->sk->sk_user_data without locks or reference counting. A controllable sleep during copy_from_user (e.g., userfaultfd sleep) could allow a concurrent socket close to trigger...

EUVD-2026-39213

In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tpioctl pppol2tpioctl read sock-sk-skuserdata directly without any locks or reference counting. If a controllable sleep was induced during copyfromuser e.g. via a userfaultfd pag...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: tee, amdtee: fixed the use-after-free vulnerability in amdteeclosesession. There is a potential race condition in amdteeclosesession that may cause a use-after-free in amdteeopenSession. For example, if a session has a referen...

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by a session reference count leak, which may prevent network devices from being released...

CVE-2023-54076

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix missed ses refcounting Use new cifssmbsesincrefcount helper to get an active reference of @ses and @ses-dfsrootses if set. This will prevent @ses-dfsrootses of being put in the next call to cifsputsmbses and thus...

CVE-2023-54076

Technical details about CVE-2023-54076 are not publicly provided in the supplied documents. Monitor for vendor advisories for full specifics and remediation guidance.

CVE-2023-54076 smb: client: fix missed ses refcounting

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix missed ses refcounting Use new cifssmbsesincrefcount helper to get an active reference of @ses and @ses-dfsrootses if set. This will prevent @ses-dfsrootses of being put in the next call to cifsputsmbses and thus...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper handling of session reference counting, which could lead to reuse after release...

EUVD-2025-6402

Malicious code in bioql PyPI...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a use-of-free issue in multi-channel connections. There is a race condition between the session setup process and the ksmbdsessionsderegister function. The session can be freed before the connection is added to th...

NewStart CGSL MAIN 7.02 : kernel Multiple Vulnerabilities (NS-SA-2025-0084)

The remote NewStart CGSL host, running version MAIN 7.02, has kernel packages installed that are affected by multiple vulnerabilities: - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count...

SUSE CVE-2025-22040

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbdsessionsderegister. The session can be freed before the connection is added to channel list of session. This...

UBUNTU-CVE-2025-22040

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbdsessionsderegister. The session can be freed before the connection is added to channel list of session. This...

CVE-2024-58087

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire...

CVE-2024-58087

CVE-2024-58087 relates to the Linux kernel ksmbd subsystem. The root cause is a racy issue during session lookup and expire. The fix, as documented in connected sources, increments the session reference count while holding the relevant lock to prevent race conditions with session expiry. The vuln...

CVE-2024-58087 ksmbd: fix racy issue from session lookup and expire

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire...

UBUNTU-CVE-2024-49940

In the Linux kernel, the following vulnerability has been resolved: l2tp: prevent possible tunnel refcount underflow When a session is created, it sets a backpointer to its tunnel. When the session refcount drops to 0, l2tpsessionfree drops the tunnel refcount if session-tunnel is non-NULL...