153 matches found
mptcp: allow subflow rcv wnd to shrink
...
UBUNTU-CVE-2026-53183
In the Linux kernel, the following vulnerability has been resolved: mptcp: allow subflow rcv wnd to shrink In MPTCP connection, the window field in the TCP header refers to the MPTCP-level rcvnxt and it's right edge should not move backward. Such constraint is enforced at DSS option generation...
CVE-2026-53183
CVE-2026-53183 affects the Linux kernel MPTCP implementation. The issue allows the TCP subflow receive window to shrink independently of the netns, which can inflate the MPTCP receive window and cause incoming data to exceed the receiver’s rcvbuf, potentially leading to DoS or a system becoming u...
CVE-2026-53183 mptcp: allow subflow rcv wnd to shrink
In the Linux kernel, the following vulnerability has been resolved: mptcp: allow subflow rcv wnd to shrink In MPTCP connection, the window field in the TCP header refers to the MPTCP-level rcvnxt and it's right edge should not move backward. Such constraint is enforced at DSS option generation...
Linux Distros Unpatched Vulnerability : CVE-2026-53129
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/mbcache: cancel shrink work before destroying the cache mbcachedestroy calls shrinkerfree and then frees all cache entries and the cache itself, but it does...
CVE-2026-52949
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboshrink infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad "drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure" to the ttmboshrink path. Move delbulkmove from before the backup to...
EUVD-2026-38997
In the Linux kernel, the following vulnerability has been resolved: fs/mbcache: cancel shrink work before destroying the cache mbcachedestroy calls shrinkerfree and then frees all cache entries and the cache itself, but it does not cancel the pending cshrinkwork work item first. If...
CVE-2026-53129 fs/mbcache: cancel shrink work before destroying the cache
In the Linux kernel, the following vulnerability has been resolved: fs/mbcache: cancel shrink work before destroying the cache mbcachedestroy calls shrinkerfree and then frees all cache entries and the cache itself, but it does not cancel the pending cshrinkwork work item first. If...
CVE-2026-52949
In CVE-2026-52949, the Linux kernel DRM/TTM component ttm_bo_shrink() was fixed to prevent an infinite LRU walk on backup failure. The patch mirrors the prior ttm_bo_swapout() fix: move del_bulk_move from before the backup to after success, and switch to using ttm_resource_del_bulk_move_unevictab...
CVE-2026-52949 drm/ttm: Fix ttm_bo_shrink() infinite LRU walk on backup failure
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboshrink infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad "drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure" to the ttmboshrink path. Move delbulkmove from before the backup to...
PT-2026-51843
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/ttm component where a backup failure can lead to an infinite LRU Least Recently Used walk within the ttm bo shrink function. This occurs because the del bulk...
PT-2026-52023
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the fs/mbcache component. The mb cache destroy function calls shrinker free and frees cache entries and the cache itself without first canceling the...
CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink
Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...
CVE-2026-41158
Summary of CVE-2026-41158: The vulnerability concerns GPU DDK where backed sparse PMRs are not handled by the deferred free mechanism after shrink, allowing a non-privileged user to perform GPU system calls that write to arbitrarily freed physical pages. The root cause is that physical memory all...
SUSE CVE-2026-45861
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in qdput Commit a475c5dd16e5 "gfs2: Free quota data objects synchronously" started freeing quota data objects during filesystem shutdown instead of putting them back onto the LRU list, but it failed ...
CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in qdput Commit a475c5dd16e5 "gfs2: Free quota data objects synchronously" started freeing quota data objects during filesystem shutdown instead of putting them back onto the LRU list, but it failed ...
CVE-2026-45861
CVE-2026-45861 refers to a Linux kernel vulnerability in the GFS2 file system. The root cause is a slab-use-after-free: during filesystem shutdown, quota data objects were freed without being removed from the LRU list due to the change in the a475c5dd16e5 sequence. As a result, the shrinker (gfs2...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rustbinder: The spinlock call in rustshrinkfreepage has been removed. When porting Rust Binder to version 6.18, I overlooked including the commit fb56fdf8b9a2 “mm/listlru: split the lock to per-cgroup scope” in the consideration...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gfs2: The use-of-free variable issue in gfs2glockshrinkscan has been fixed. The GLFLRU flag is checked under lrulock in gfs2glockremovefromlru, to remove a glock from the lru list in gfs2glockput. During the shrink scan process,...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: dm thin: Fixed the ABBA deadlock between shrinkslab and dmpoolabortmetadata. The following concurrent processes: P1drop cache P2kworker dropcachessysctlhandler dropslab shrinkslab downread&shrinkerrwsem - LOCK A doshrinkslab...