3323 matches found
CVE-2023-54246
CVE-2023-54246 affects the Linux kernel. The issue arises from rcuscale: rcu_scale_writer() scheduling using schedule_timeout_uninterruptible(), which can hang when rcuscale.holdoff exceeds hung_task_timeout_secs. The fix replaces schedule_timeout_uninterruptible() with schedule_timeout_idle(), a...
CVE-2023-54246 rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle()
In the Linux kernel, the following vulnerability has been resolved: rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle() The rcuscale.holdoff module parameter can be used to delay the start of rcu_scale_writer() kthread. However, the hung-task timeout will trigger when the timeout...
CVE-2022-50833
CVE-2022-50833 relates to the Linux kernel Bluetooth HCI work queue handling. The issue arose when scheduling hdev->{cmd,ncmd}_timer work on the hdev->workqueue during a draining WQ, which could conflict with a destruction-during-queue state. The mitigation involves using the hdev->workq...
CVE-2023-54195
CVE-2023-54195 affects the Linux kernel’s rxrpc stack. A call that hasn’t been granted a channel could timeout prematurely because rxrpc_kernel_set_max_life() started the call timer before a connection was assigned, risking a NULL pointer dereference. The published fixes note to record timeouts i...
CVE-2023-54195 rxrpc: Fix timeout of a call that hasn't yet been granted a channel
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix timeout of a call that hasn't yet been granted a channel afs_make_call() calls rxrpc_kernel_begin_call() to begin a call (which may get stalled in the background waiting for a connection to become available); it then calls...
CVE-2023-54166
CVE-2023-54166 concerns the Linux kernel igc driver. The description states that during certain conditions, such as a transmit timeout (ndo_tx_timeout) and racing events when the interface is brought down/up (igc_reinit_locked) or an interrupt occurs, a race can trigger a kernel panic via igc_tx_...
CVE-2023-54166 igc: Fix Kernel Panic during ndo_tx_timeout callback
In the Linux kernel, the following vulnerability has been resolved: igc: Fix Kernel Panic during ndo_tx_timeout callback The Xeon validation group has been carrying out some loaded tests with various HW configurations, and they have seen some transmit queue time out happening during the test. This...
PT-2025-53995
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contained a flaw in the igc driver that could lead to a kernel panic during an ndo_tx_timeout callback. This issue was discovered during loaded tests with various hardwa...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the rcuscale.holdoff parameter when set too large, which can lead to a task blocking timeout...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992183)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992183 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to...
PT-2025-54024
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.0-rc7-build3+ 701. Description: A flaw exists in the Linux kernel's rxrpc subsystem related to call timeouts. Specifically, the issue occurs when a call is stalled while waiting for a connection, potentially...
PT-2025-54075
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.4.0-rc1-00134-gb9ed6de8d4ff 7. Description: The Linux kernel contains a flaw within the rcuscale functionality. Specifically, the rcuscale.holdoff module parameter can be manipulated to delay the start of the rcu...
curl: WebSocket Logic Error: Control Frame (PING/PONG) Starvation causes Connection Drop (DoS) during large transfers
Summary: I have discovered a logic flaw in lib/ws.c regarding the handling of WebSocket Control Frames (PING/PONG). According to RFC 6455, Control Frames should be processed as soon as possible, even in the middle of fragmented data frames, to maintain connection state (Keep-Alive). However, libcurl...
spi: tegra210-quad: Fix timeout handling
...
SUSE CVE-2022-50716
In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out syzkaller reported use-after-free with the stack trace like below 1: 38.960489 C3 ================================================================== 38.963216 C3 BUG: KASAN:...
SUSE CVE-2025-68746
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling When the CPU that the QSPI interrupt handler runs on (typically CPU 0) is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer timeout is reached...