63 matches found
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
CVE-2026-10655
The asynchronous SNTP client in Zephyr subsys/net/lib/sntp/sntp.c, sntpcloseasync closed the UDP socket file descriptor directly from the calling thread immediately after detaching it from the network socket service, without synchronizing with the socket-service poll thread. The socket service...
CVE-2026-10655
Concrete details found: Zephyr’s asynchronous SNTP client (sntp_close_async) can race with the socket service poll thread. Closing the UDP socket descriptor from a different thread (SNTP timeout path) may free and reuse net_context while the poll thread holds a poller node, causing a use-after-fr...
CVE-2026-10655 Use-after-free race in SNTP async client when closing the socket while the socket service is still polling it
The asynchronous SNTP client in Zephyr subsys/net/lib/sntp/sntp.c, sntpcloseasync closed the UDP socket file descriptor directly from the calling thread immediately after detaching it from the network socket service, without synchronizing with the socket-service poll thread. The socket service...
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
Linux Distros Unpatched Vulnerability : CVE-2026-53256
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: RFCOMM: hold listener socket in rfcommconnectind rfcommgetsockbychannel scans rfcommsklist under the list lock, but returns the selected listener aft...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - UDP: Fixed a race condition between close and udpabort. - Kaustubh reported and diagnosed a panic condition in udpliblookup. The root cause is that udpabort is racing with close. Both functions attempt to acquire the socket...
CVE-2026-43198
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
CVE-2026-43198
In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcpv6synrecvsock Code in tcpv6synrecvsock after the call to tcpv4synrecvsock is done too late. After tcpv4synrecvsock, the child socket is already visible from TCP ehash table and other cpus might use i...
CVE-2026-43023 Bluetooth: SCO: fix race conditions in sco_sock_connect()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in scosockconnect scosockconnect checks skstate and sktype without holding the socket lock. Two concurrent connect syscalls on the same socket can both pass the check and enter scoconnect,...
PT-2026-36440
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Bluetooth SCO component. The function sco sock connect performs checks on sk state and sk type without holding the socket lock. This allows two concurrent...
RLSA-2026:1143 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free in device mapper due to race condition in zone reporting CVE-2025-38141 kernel: Linux kernel use-after-free in eventpoll CVE-2025-38349 kernel: drm/xe: Fix...
MiracleLinux 9 : kernel-5.14.0-611.26.1.el9_7 (AXSA:2026-144:08)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-144:08 advisory. kernel: Linux kernel: Use-after-free in device mapper due to race condition in zone reporting CVE-2025-38141 kernel: Linux kernel use-after-free in...
kernel: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind
A use-after-free vulnerability was found in the Linux kernel's Bluetooth HCI socket implementation. A race condition between socket bind and write operations allows mgmtpending to free a command structure while writeiter is still attempting to send it, resulting in use-after-free when the freed...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
ALSA-2026:1143 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free in device mapper due to race condition in zone reporting CVE-2025-38141 kernel: Linux kernel use-after-free in eventpoll CVE-2025-38349 kernel: drm/xe: Fix...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004253)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004253 advisory. A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamreadgeneric on the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001454)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001454 advisory. A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an...