CVE-2026-52918

The CVE-2026-52918 entry affects the Linux kernel Bluetooth code. Specifically, bt_sock_poll() traverses the accept_q queue without synchronization, while a child teardown can unlink the same socket and drop its last reference, enabling a race between polling and socket teardown. The documented f...

CVE-2026-42487

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

SUSE CVE-2026-43318

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will...

CVE-2026-43318

A flaw was found in the Linux kernel's drm/amdgpu component. A synchronization bug in the amdgpudmabufmovenotify function, which handles direct memory access buffer dmabuf movements, can lead to a page fault. This occurs when a process attempts to access a shared buffer while another process is...

CVE-2026-43318

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will...

UBUNTU-CVE-2026-43318

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will...

PT-2026-38969

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A synchronization bug exists in the amdgpu dma buf move notify function within the drm/amdgpu component. The issue occurs when a buffer object BO is moved by one process, requiring other...

Linux Distros Unpatched Vulnerability : CVE-2026-43318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves th...

ROS-20260408-73-0012

A vulnerability in the rcupreemptdeferredqshandler function of the kernel/rcu/treeplugin.h component of the Linux operating system kernel is related to simultaneous execution using a shared resource with incorrect synchronization. Exploitation of the vulnerability allows an attacker to cause a...

CVE-2026-27814

EVerest EV charging software stack is affected: a data race (C++ undefined behavior) in ac_switch_three_phases_while_charging triggers when a 1-phase ↔ 3-phase switch request runs concurrently with the state machine loop. Affected versions are prior to 2026.02.0; version 2026.02.0 contains the pa...

SUSE CVE-2023-54067

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting free space root from the dirty cow roots list When deleting the free space tree we are deleting the free space root from the list fsinfo-dirtycowonlyroots without taking the lock that protects it,...

CVE-2025-68207 drm/xe/guc: Synchronize Dead CT worker with unbind

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Synchronize Dead CT worker with unbind Cancel and wait for any Dead CT worker to complete before continuing with device unbinding. Else the worker will end up using resources freed by the undind operation. cherry pick...

DEBIAN-CVE-2025-40212

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix refcount leak in nfsdsetfhdentry nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 uses the MOUNT protocol ...

CVE-2023-53204 af_unix: Fix data-races around user->unix_inflight.

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data-races around user-unixinflight. user-unixinflight is changed under spinlockunixgclock, but toomanyunixfds reads it locklessly. Let's annotate the write/read accesses to user-unixinflight. BUG: KCSAN: data-race in...

kernel: tipc: fix use-after-free Read in tipc_named_reinit

A vulnerability was found in the Linux kernel's Transparent Inter-Process Communication TIPC subsystem, allowing a use-after-free condition during the cleanup process. This issue arises when the kernel's work queue mechanism does not properly synchronize the destruction of TIPC namespaces with th...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: vxlan: vnifilter: Fixed the issue where the default FDB entry was deleted without holding the hash lock. When a VNI is deleted from a VXLAN device in ‘vnifilter’ mode, the FDB entry associated with the default remote assuming one...

CVE-2025-22053 net: ibmveth: make veth_pool_store stop hanging

In the Linux kernel, the following vulnerability has been resolved: net: ibmveth: make vethpoolstore stop hanging v2: - Created a single error handling unlock and exit in vethpoolstore - Greatly expanded commit message with previous explanatory-only text Summary: Use rtnlmutex to synchronize...

The vulnerability in the fs/quota/dquot.c component of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability in the fs/quota/dquot.c component of the Linux operating system is related to the simultaneous execution using shared resources with incorrect synchronization. Exploiting this vulnerability can allow an attacker to cause service failures...

The vulnerability in the events_base.c component of the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the eventsbase.c component in the Linux operating system’s kernel is related to the simultaneous execution using shared resources with incorrect synchronization. Exploiting this vulnerability can allow an attacker to cause a service failure...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: i40e: A race condition was fixed by adding an intermediate filter synchronization state. A race condition in the i40e driver was addressed, which could cause MAC/VLAN filters to become corrupted and leak data. This issue occurs...