PT-2026-44333

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix use-after-free of fmt src during MBPF check During concurrency testing, multiple instances can run in parallel, and each instance uses its own inst-lock while the core-lock protects the list of active instances...

CVE-2026-46079

CVE-2026-46079 (Linux kernel) : The issue arises in Ceph RBD integration where do_rbd_add() publishes a device with device_add() before calling device_add_disk(). If device_add_disk() fails after device_add() succeeds, the error path tears down with rbd_free_disk() and later rbd_dev_device_releas...

PT-2026-43946

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when device add disk fails do rbd add publishes the device with device add before calling device add disk. If device add disk fails after device add succeeds, the error path calls rbd free disk directly an...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: qcom: qdsp6: Fixed the issue where the q6apm component removal order during ADSP stop and start causes a crash. During ADSP stop, the q6apm-audio .remove callback unmounts the topology and removes PCM runtime during the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: mana: The use-after-free issue in manahwcdestroychannel has been fixed by reordering the teardown process. There is a potential race condition in manahwcdestroychannel. In this situation, hwc-callerctx is freed before the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Teardown of risc-specific bits after kvmexit During a module removal, kvmexit invokes an architecture-specific disable call, which disables AIA. However, we invoke aiaexit before kvmexit, resulting in the following...

spi: spi-fsl-lpspi: fix teardown order issue (UAF)

...

SUSE CVE-2026-31485

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue UAF There is a teardown order issue in the driver. The SPI controller is registered using devmspiregistercontroller, which delays unregistration of the SPI controller until after the...

EUVD-2026-24849

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue UAF There is a teardown order issue in the driver. The SPI controller is registered using devmspiregistercontroller, which delays unregistration of the SPI controller until after the...

CVE-2026-31485

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue UAF There is a teardown order issue in the driver. The SPI controller is registered using devmspiregistercontroller, which delays unregistration of the SPI controller until after the...

CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue UAF There is a teardown order issue in the driver. The SPI controller is registered using devmspiregistercontroller, which delays unregistration of the SPI controller until after the...

CVE-2026-31485

The CVE-2026-31485 issue affects the Linux kernel SPI driver for the FSL LPSPI controller. Root cause: teardown order when unregistering the SPI controller can race with in-flight DMA transfers, causing a NULL pointer dereference (UAF) and an I/O error in DMA RX during a transfer. The documented ...

PT-2026-34390

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue UAF There is a teardown order issue in the driver. The SPI controller is registered using devm spi register controller, which delays unregistration of the SPI controller until after th...

Linux Distros Unpatched Vulnerability : CVE-2026-23454

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mana: fix use-after-free in manahwcdestroychannel by reordering teardown A potential race condition exists in manahwcdestroychannel where hwc-callerctx is...

EUVD-2026-18708

In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in manahwcdestroychannel by reordering teardown A potential race condition exists in manahwcdestroychannel where hwc-callerctx is freed before the HWC's Completion Queue CQ and Event Queue EQ are...

CVE-2026-23454

In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in manahwcdestroychannel by reordering teardown A potential race condition exists in manahwcdestroychannel where hwc-callerctx is freed before the HWC's Completion Queue CQ and Event Queue EQ are...

UBUNTU-CVE-2026-23454

In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in manahwcdestroychannel by reordering teardown A potential race condition exists in manahwcdestroychannel where hwc-callerctx is freed before the HWC's Completion Queue CQ and Event Queue EQ are...

CVE-2026-23454

CVE-2026-23454 (Linux kernel, mana subsystem) : A race in mana_hwc_destroy_channel() can free hwc->caller_ctx before CQ/EQ are destroyed, enabling a use-after-free/NULL dereference in mana_hwc_handle_resp(). The root cause is lack of IRQ synchronization and a teardown order that frees resource...

CVE-2026-23454 net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown

In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in manahwcdestroychannel by reordering teardown A potential race condition exists in manahwcdestroychannel where hwc-callerctx is freed before the HWC's Completion Queue CQ and Event Queue EQ are...

PT-2026-30149

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in mana hwc destroy channel where hwc-caller ctx is freed before the Hardware Completion Queue CQ and Event Queue EQ are destroyed. This can lead to a...