33 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: mana: The use-after-free issue in manahwcdestroychannel has been fixed by reordering the teardown process. There is a potential race condition in manahwcdestroychannel. In this situation, hwc-callerctx is freed before the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Teardown of riscv-specific bits after kvmexit During a module removal, kvmexit invokes an architecture-specific disable call, which disables AIA. However, we invoke aiaexit before kvmexit, resulting in the following...
CVE-2026-46275 Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciuart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free UAF and Null Pointer Dereference NPD conditions were observed in the lifecycle management of hciuart. The primary...
PT-2026-44333
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the iris media driver. A race condition occurs because the inst-lock protects individual instance internals while the core-lock protects the active instance...
CVE-2026-46079
CVE-2026-46079 concerns the Linux kernel RBD path. The issue arises when device_add_disk() is followed by a failure in device_add_disk(); the code can call rbd_free_disk() twice and then rbd_dev_device_release(), causing a null-ptr-deref in __blk_mq_free_map_and_rqs() during blk-mq cleanup. The f...
PT-2026-43946
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A null-pointer dereference occurs in the rbd module when device add disk fails after device add has successfully published the device. In this scenario, the error path triggers a double...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: qcom: qdsp6: Fixed the issue where q6apm removal ordering occurs during ADSP stop and start. During ADSP stop and start, the kernel crashes due to the order in which ASoC components are removed. During ADSP stop, the...
spi: spi-fsl-lpspi: fix teardown order issue (UAF)
...
SUSE CVE-2026-31485
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue UAF There is a teardown order issue in the driver. The SPI controller is registered using devmspiregistercontroller, which delays unregistration of the SPI controller until after the...
EUVD-2026-24849
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue UAF There is a teardown order issue in the driver. The SPI controller is registered using devmspiregistercontroller, which delays unregistration of the SPI controller until after the...
CVE-2026-31485
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue UAF There is a teardown order issue in the driver. The SPI controller is registered using devmspiregistercontroller, which delays unregistration of the SPI controller until after the...
CVE-2026-31485
The CVE-2026-31485 issue affects the Linux kernel SPI driver for the FSL LPSPI controller. Root cause: teardown order when unregistering the SPI controller can race with in-flight DMA transfers, causing a NULL pointer dereference (UAF) and an I/O error in DMA RX during a transfer. The documented ...
CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue UAF There is a teardown order issue in the driver. The SPI controller is registered using devmspiregistercontroller, which delays unregistration of the SPI controller until after the...
PT-2026-34390
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A teardown order issue exists in the spi-fsl-lpspi driver. The SPI controller is registered using devm spi register controller, which delays unregistration until after the fsl lpspi remo...
Linux Distros Unpatched Vulnerability : CVE-2026-23454
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mana: fix use-after-free in manahwcdestroychannel by reordering teardown A potential race condition exists in manahwcdestroychannel where hwc-callerctx is...
EUVD-2026-18708
In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in manahwcdestroychannel by reordering teardown A potential race condition exists in manahwcdestroychannel where hwc-callerctx is freed before the HWC's Completion Queue CQ and Event Queue EQ are...
CVE-2026-23454
In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in manahwcdestroychannel by reordering teardown A potential race condition exists in manahwcdestroychannel where hwc-callerctx is freed before the HWC's Completion Queue CQ and Event Queue EQ are...
UBUNTU-CVE-2026-23454
In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in manahwcdestroychannel by reordering teardown A potential race condition exists in manahwcdestroychannel where hwc-callerctx is freed before the HWC's Completion Queue CQ and Event Queue EQ are...
CVE-2026-23454 net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown
In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in manahwcdestroychannel by reordering teardown A potential race condition exists in manahwcdestroychannel where hwc-callerctx is freed before the HWC's Completion Queue CQ and Event Queue EQ are...
CVE-2026-23454
CVE-2026-23454 (Linux kernel, mana subsystem) : A race in mana_hwc_destroy_channel() can free hwc->caller_ctx before CQ/EQ are destroyed, enabling a use-after-free/NULL dereference in mana_hwc_handle_resp(). The root cause is lack of IRQ synchronization and a teardown order that frees resource...