kernel: nvmet-tcp: fix race between ICReq handling and queue teardown

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

kernel: nvmet-tcp: fix race between ICReq handling and queue teardown

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: qcom: qdsp6: Fixed the issue where q6apm removal ordering occurs during ADSP stop and start. During ADSP stop and start, the kernel crashes due to the order in which ASoC components are removed. During ADSP stop, the...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: x86/kvm: The teardown of PV features also occurs during boot-up. Various PV features Async PF, PV EOI, steal time work through memory shared with the hypervisor. When we resume from hibernation, we must properly teardown all...

kernel: geneve: Fix use-after-free in geneve_find_dev().

A use-after-free vulnerability exists in the Linux kernel. When devnet is dismantled, the geneveexitbatchrtnl function calls unregisternetdevicequeue for each device in the network namespace. Later, when the device is freed, it is still linked to the backend UDP socket in the network namespace...

Linux Kernel __ptrace_may_access() Exit Race chage File Disclosure

This module exploits a race condition in the Linux kernel doexit teardown path affecting ptracemayaccess. During process termination, privileged file descriptors may remain accessible through pidfdgetfd after task-mm becomes NULL, allowing sensitive file disclosure from privileged SUID binaries...

CVE-2026-10634

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

EUVD-2026-36727

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

PT-2026-49241

Zephyr's native TCP stack iterates the global connection list in net tcp foreach subsys/net/ip/tcp.c using the SYS SLIST FOR EACH CONTAINER SAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcp lock while invoking the per-connection callback and...

kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

kernel: net: openvswitch: Avoid releasing netdev before teardown completes

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasing netdev before teardown completes The patch cited in the Fixes tag below changed the teardown code for OVS ports to no longer unconditionally take the RTNL. After this change, the netdevdestroy...

kernel: net: openvswitch: Avoid releasing netdev before teardown completes

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasing netdev before teardown completes The patch cited in the Fixes tag below changed the teardown code for OVS ports to no longer unconditionally take the RTNL. After this change, the netdevdestroy...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel:...

AlmaLinux 9 : kernel (ALSA-2026:25217)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25217 advisory. kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: Linux kernel: Use-after-free in bonding driver leads to...

kernel: geneve: Fix use-after-free in geneve_find_dev().

A use-after-free vulnerability exists in the Linux kernel. When devnet is dismantled, the geneveexitbatchrtnl function calls unregisternetdevicequeue for each device in the network namespace. Later, when the device is freed, it is still linked to the backend UDP socket in the network namespace...

kernel: net: openvswitch: Avoid releasing netdev before teardown completes

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasing netdev before teardown completes The patch cited in the Fixes tag below changed the teardown code for OVS ports to no longer unconditionally take the RTNL. After this change, the netdevdestroy...

SUSE CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

RHEL 9 : kernel (RHSA-2026:25028)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25028 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: openvswitch: Avoid...

CVE-2026-46304

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmetctrlfree nvmettcpreleasequeuework runs on nvmet-wq and can drop the final controller reference through nvmetcqput. If that triggers nvmetctrlfree, the teardown path flushes...