CVE-2022-50382 padata: Always leave BHs disabled when running ->parallel()

In the Linux kernel, the following vulnerability has been resolved: padata: Always leave BHs disabled when running -parallel A deadlock can happen when an overloaded system runs -parallel in the context of the current task: padatadoparallel -parallel pcryptaeadenc/dec padatadoserial...

CVE-2022-50382 padata: Always leave BHs disabled when running ->parallel()

In the Linux kernel, the following vulnerability has been resolved: padata: Always leave BHs disabled when running -parallel A deadlock can happen when an overloaded system runs -parallel in the context of the current task: padatadoparallel -parallel pcryptaeadenc/dec padatadoserial...

CVE-2022-50382

CVE-2022-50382 refers to a Linux kernel fix for a deadlock involving padata parallelization when BHs are enabled during the serial path. The issue occurs in padata_do_serial where a spin_lock on reorder->lock could be taken with BHs still on, enabling a deadlock on overload. The fix ensures BH...

PT-2025-40641

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the cnic module, specifically in the cnic delete task function, that can lead to a use-after-free condition. The issue arises from the use of canc...

PT-2025-38432

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The start task function in the Linux kernel may experience a null pointer dereference. This occurs because the return value of create singlethread workqueue is not checked, potentially...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the prefetchParentTask and recursiveDownloadWithDirectMetadata, which the first return value of the functions is dereferenced even when the functions returns an error. An attacker can cause the application t...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the prefetchParentTask and recursiveDownloadWithDirectMetadata, which the first return value of the functions is dereferenced even when the functions returns an error. An attacker can cause the application t...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the prefetchParentTask and recursiveDownloadWithDirectMetadata, which the first return value of the functions is dereferenced even when the functions returns an error. An attacker can cause the application t...

Dragonfly incorrectly handles a task structure’s usedTrac field

Impact The processPieceFromSource method figure 4.1 is part of a task processing mechanism. The method writes pieces of data to storage, updating a Task structure along the way. The method does not update the structure’s usedTraffic field, because an uninitialized variable n is used as a guard to...

GHSA-2QGR-GFVJ-QPCR Dragonfly incorrectly handles a task structure’s usedTrac field

Impact The processPieceFromSource method figure 4.1 is part of a task processing mechanism. The method writes pieces of data to storage, updating a Task structure along the way. The method does not update the structure’s usedTraffic field, because an uninitialized variable n is used as a guard to...

CVE-2025-59348 Dragonfly incorrectly handles a task structure’s usedTraffic field

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the processPieceFromSource method does not update the structure’s usedTraffic field, because an uninitialized variable n is used as a guard to the AddTraffic method call, instead of the...

CVE-2025-59348

CVE-2025-59348 affects Dragonfly, an open-source P2P file distribution and image acceleration system. The vulnerability lies in the processPieceFromSource method, where an uninitialized variable n is used as a guard for the AddTraffic call instead of the actual result.Size, causing the structure’...

Dragonfly incorrectly handles a task structure’s usedTrac field

The processPieceFromSource method figure 4.1 is part of a task processing mechanism. The method writes pieces of data to storage, updating a Task structure along the way. The method does not update the structure’s usedTraffic field, because an uninitialized variable n is used as a guard to the...

SUSE CVE-2023-53231

In the Linux kernel, the following vulnerability has been resolved: erofs: Fix detection of atomic context Current check for atomic context is not sufficient as zerofsdecompressqueueendio can be called under rcu lock from blkmqflushpluglist. See the stacktrace 1 In such case we should hand off th...

SUSE CVE-2023-53326

In the Linux kernel, the following vulnerability has been resolved: powerpc: Don't try to copy PPR for task with NULL ptregs powerpc sets up PFKTHREAD and PFIOWORKER with a NULL ptregs, which from my arguably very short checking is not commonly done for other archs. This is fine, except when...

kernel: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

A race condition was found in the Linux kernel’s POSIX CPU timer handling, where handleposixcputimers may run concurrently with posixcputimerdel on an exiting task which could result in use-after-free scenarios. An attacker with local user access could use this flaw to crash or escalate their...

CVE-2023-53326 powerpc: Don't try to copy PPR for task with NULL pt_regs

In the Linux kernel, the following vulnerability has been resolved: powerpc: Don't try to copy PPR for task with NULL ptregs powerpc sets up PFKTHREAD and PFIOWORKER with a NULL ptregs, which from my arguably very short checking is not commonly done for other archs. This is fine, except when...

DEBIAN-CVE-2025-39831

In the Linux kernel, the following vulnerability has been resolved: fbnic: Move phylink resume out of servicetask and into open/close The fbnic driver was presenting with the following locking assert coming out of a PM resume: 42.208116 T164 RTNL: assertion failed at drivers/net/phy/phylink.c 261...

CVE-2025-39831 fbnic: Move phylink resume out of service_task and into open/close

In the Linux kernel, the following vulnerability has been resolved: fbnic: Move phylink resume out of servicetask and into open/close The fbnic driver was presenting with the following locking assert coming out of a PM resume: 42.208116 T164 RTNL: assertion failed at drivers/net/phy/phylink.c 261...

CVE-2025-39831 fbnic: Move phylink resume out of service_task and into open/close

In the Linux kernel, the following vulnerability has been resolved: fbnic: Move phylink resume out of servicetask and into open/close The fbnic driver was presenting with the following locking assert coming out of a PM resume: 42.208116 T164 RTNL: assertion failed at drivers/net/phy/phylink.c 261...