Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: fixed a race condition in mptcpschedulework syzbot reported a use-after-free in mptcpschedulework 1 The issue arises from mptcpschedulework scheduling a task, then checking the refcount of sk-skrefcnt if the task was...

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

PT-2026-31306

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the ATM send path sendmsg - vcc sendmsg - sigd send. The system reads the vcc pointer from msg-vcc without validation, and this pointer originates fro...

CVE-2025-71086

In the Linux kernel, the following vulnerability has been resolved: net: rose: fix invalid array index in rosekillbydevice rosekillbydevice collects sockets into a local array and then iterates over them to disconnect sockets bound to a device being brought down. The loop mistakenly indexes...

CVE-2025-40258

No description is available for this CVE. Mitigation If enabled, you may disable MPTCP support. For more information please read...

SUSE CVE-2025-40258

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...

AZL-71380 CVE-2025-40258 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...

CVE-2025-40258

The CVE-2025-40258 issue is confirmed in connected advisories for the Linux kernel: a race in mptcp_schedule_work() could cause use-after-free via sock_hold/sock_put timing around scheduled work. The fix, as described in the advisory, reorders operations by holding the socket before scheduling an...

EUVD-2025-201199

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...

UBUNTU-CVE-2022-48911

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfqueue: fix possible use-after-free Eric Dumazet says: The sockhold side seems suspect, because there is no guarantee that skrefcnt is not already 0. On failure, we cannot queue the packet and need to indicate an erro...

DEBIAN-CVE-2024-41006

In the Linux kernel, the following vulnerability has been resolved: netrom: Fix a memory leak in nrheartbeatexpiry syzbot reported a memory leak in nrcreate 0. Commit 409db27e3a2e "netrom: Fix use-after-free of a listening socket." added sockhold to the nrheartbeatexpiry function, where a a socke...