PT-2026-44331

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the batman-adv module, TP meter sessions remain linked on bat priv-tp list after a netlink request finishes. When the mesh interface is removed, the batadv mesh free function tears do...

CVE-2026-45961

A flaw was found in the Linux kernel's GFS2 filesystem. When a GFS2 filesystem transitions to read-write mode, specific error handling paths within the gfs2fillsuper function fail to properly deallocate memory. This can lead to memory leaks of kernel thread objects and quota bitmap buffers. Over...

CVE-2026-45949

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and workstruct to fix race condition Currently, hwrngfill is not cleared until the hwrngfillfn thread exits. Since hwrngunregister reads hwrngfill outside the rngmutex lock, a concurrent hwrngunregister may...

UBUNTU-CVE-2026-46047

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Fix use-after-free in driver remove In the remove callback, if a packet arrives after destroyworkqueue is called, but before sockrelease, the qrtrnsdataready callback will try to queue the work, causing...

CVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Fix use-after-free in driver remove In the remove callback, if a packet arrives after destroyworkqueue is called, but before sockrelease, the qrtrnsdataready callback will try to queue the work, causing...

EUVD-2026-32429

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Fix use-after-free in driver remove In the remove callback, if a packet arrives after destroyworkqueue is called, but before sockrelease, the qrtrnsdataready callback will try to queue the work, causing...

CVE-2026-46047

The CVE-2026-46047 entry describes a use-after-free in the Linux kernel net: qrtr: ns driver removal path. In the remove callback, if a packet arrives between destroy_workqueue() and sock_release(), the qrtr_ns_data_ready() callback may attempt to queue work, dereferencing a freed work item. The ...

CVE-2026-45961 gfs2: fix memory leaks in gfs2_fill_super error path

In the Linux kernel, the following vulnerability has been resolved: gfs2: fix memory leaks in gfs2fillsuper error path Fix two memory leaks in the gfs2fillsuper error handling path when transitioning a filesystem to read-write mode fails. First leak: kthread objects threadstruct, taskstruct, etc...

PT-2026-43914

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the QRTR nameservice driver during the remove process. If a packet arrives after destroy workqueue is called but before sock release, the qrtr ns data...

Linux Distros Unpatched Vulnerability : CVE-2026-45961

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gfs2: fix memory leaks in gfs2fillsuper error path Fix two memory leaks in the gfs2fillsuper error handling path when transitioning a filesystem to read-write...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Writeback: Do not block the sync operation for filesystems with no data integrity guarantees. A SBINODATAINTEGRITY superblock flag has been added for filesystems that cannot guarantee data persistence during sync operations e.g.,...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: “riscv”: preventing corruption of pt regs for secondary idle threads. The top of the kernel thread stack should be reserved for pt regs. However, this is not the case for the idle threads of the secondary boot harts. Their stacks...

Astra Linux - уязвимость в linux-5.10

Due to a vulnerability in the iouring subsystem, it is possible to leak kernel memory information to the user process. The timesinstall function calls currentissinglethreaded to determine whether the current process is single-threaded. However, this call does not take into account iouring’s...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/FPU: Fixed NULL dereference in avx512status. Problem: When CONFIGX86DEBUGFPU is enabled, reading /proc/kthread/archstatus causes a warning and a NULL pointer dereference. This occurs because the AVX-512 timestamp code uses...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Net: rose: fixed the issue where timers race against user threads. The Rose timers only acquire the socket spinlock, without checking whether the socket is owned by a specific user thread. A check should be added, and the time...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the issue where a leak occurred in nfs4openowner when the nfsd4open operation occurred concurrently. The action force umount-f attempt will try to terminate all rpctask processes. However, the umount operation may...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert “i2c: i801: replace acpilock with I2C bus lock” This revertment is achieved through commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. Under rare circumstances, multiple udev threads may collect information about...

CVE-2026-8695

A flaw was found in radare2. A remote attacker can exploit a use-after-free vulnerability in the gdbrthreadslist function by sending a specific sequence of GDB remote debugging responses. This can lead to memory corruption, potentially allowing for arbitrary code execution or causing a denial of...

UBUNTU-CVE-2026-8695

radare2 6.1.5 contains a use-after-free vulnerability in the gdbrthreadslist function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote...

CVE-2026-8695 radare2 6.1.5 Use-After-Free via gdbr_threads_list()

radare2 6.1.5 contains a use-after-free vulnerability in the gdbrthreadslist function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote...