139 matches found
SUSE CVE-2026-45861
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in qdput Commit a475c5dd16e5 "gfs2: Free quota data objects synchronously" started freeing quota data objects during filesystem shutdown instead of putting them back onto the LRU list, but it failed ...
CVE-2026-45861
CVE-2026-45861 refers to a Linux kernel vulnerability in the GFS2 file system. The root cause is a slab-use-after-free: during filesystem shutdown, quota data objects were freed without being removed from the LRU list due to the change in the a475c5dd16e5 sequence. As a result, the shrinker (gfs2...
CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in qdput Commit a475c5dd16e5 "gfs2: Free quota data objects synchronously" started freeing quota data objects during filesystem shutdown instead of putting them back onto the LRU list, but it failed ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: Fixed handling of hwpoisoned large folio entries in shrinkfoliolist. In shrinkfoliolist, the hwpoisoned folio entries might be large folio entries that cannot be handled by unmappoisonedfolio. For THP processors,...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: gfs2: A use-after-free issue was fixed in gfs2glockshrinkscan. The GLFLRU flag is checked under lrulock in gfs2glockremovefromlru to remove a glock from the lru list in gfs2glockput. During the shrink scan process, the same flag ...
CVE-2026-31214
The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability CWE-502. The script uses torch.load to process PyTorch checkpoint files .pt without enabling the security-restrictiv...
EUVD-2026-29498
The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability CWE-502. The script uses torch.load to process PyTorch checkpoint files .pt without enabling the security-restrictiv...
PT-2026-40053
The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability CWE-502. The script uses torch.load to process PyTorch checkpoint files .pt without enabling the security-restrictiv...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nrhwqueues Although we don't need to realloc set-tags when shrink nrhwqueues, we need to free them. Or these tags will be leaked. How to reproduce: 1. mount -t configfs configfs /mnt 2. modprobe...
Astra Linux - уязвимость в linux-5.15, linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: dm thin: Fixed the ABBA deadlock between shrinkslab and dmpoolabortmetadata. The following concurrent processes: P1drop cache P2kworker dropcachessysctlhandler dropslab shrinkslab downread&shrinkerrwsem - LOCK A doshrinkslab...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rustbinder: The spinlock call in rustshrinkfreepage has been removed. When porting Rust Binder to version 6.18, I overlooked including the commit fb56fdf8b9a2 “mm/listlru: split the lock to per-cgroup scope” in the consideration...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013238)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013238 advisory. In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrinkslab and dmpoolabortmetadata Following concurrent...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006943)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006943 advisory. In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrinkslab and dmpoolabortmetadata Following concurrent...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010831)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010831 advisory. In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrinkslab and dmpoolabortmetadata Following concurrent...
Security Bulletin: Uninitialized Memory Exposure in node-tar list/t Sync Mode When Tar File Is Modified During Read affect IBM watsonx.data
Summary node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2. These can affect IBM watsonx.data...
CVE-2026-23069
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtiotransportgetcredit The credit calculation in virtiotransportgetcredit uses unsigned arithmetic: ret = vvs-peerbufalloc - vvs-txcnt - vvs-peerfwdcnt; If the peer shrinks its advertise...
UBUNTU-CVE-2026-23069
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtiotransportgetcredit The credit calculation in virtiotransportgetcredit uses unsigned arithmetic: ret = vvs-peerbufalloc - vvs-txcnt - vvs-peerfwdcnt; If the peer shrinks its advertise...
CVE-2025-71181
In the Linux kernel, the following vulnerability has been resolved: rustbinder: remove spinlock in rustshrinkfreepage When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/listlru: split the lock to per-cgroup scope" into account, and apparently I did not end up...
CVE-2025-71181
In the Linux kernel, the following vulnerability has been resolved: rustbinder: remove spinlock in rustshrinkfreepage When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/listlru: split the lock to per-cgroup scope" into account, and apparently I did not end up...
CVE-2025-71181 rust_binder: remove spin_lock() in rust_shrink_free_page()
In the Linux kernel, the following vulnerability has been resolved: rustbinder: remove spinlock in rustshrinkfreepage When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/listlru: split the lock to per-cgroup scope" into account, and apparently I did not end up...