CVE-2026-45931

A flaw was found in the Linux kernel's accel/amdxdna module. This vulnerability occurs when the iommusvaunbinddevice function attempts to access a memory management mm structure after it has been deallocated, leading to a use-after-free condition. This can result in a system crash, causing a Deni...

CVE-2026-45931 accel/amdxdna: Hold mm structure across iommu_sva_unbind_device()

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommusvaunbinddevice Some tests trigger a crash in iommusvaunbinddevice due to accessing iommumm after the associated mm structure has been freed. Fix this by taking an explicit reference t...

CVE-2026-45931

The CVE-2026-45931 issue affects the Linux kernel’s accel/amdxdna module. A crash can occur in iommu_sva_unbind_device() when it accesses iommu_mm after the associated mm structure has been freed. The fix is to take an explicit reference to the mm structure after successfully binding the device a...

CVE-2026-45931

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommusvaunbinddevice Some tests trigger a crash in iommusvaunbinddevice due to accessing iommumm after the associated mm structure has been freed. Fix this by taking an explicit reference t...

CVE-2026-45931

accel/amdxdna: Hold mm structure across iommusvaunbinddevice...

SUSE CVE-2026-23429

In the Linux kernel, the following vulnerability has been resolved: iommu/sva: Fix crash in iommusvaunbinddevice domain-mm-iommumm can be freed by iommudomainfree: iommudomainfree mmdrop mmdrop mmpasiddrop After iommudomainfree returns, accessing domain-mm-iommumm may dereference a freed mm...

EUVD-2026-18664

In the Linux kernel, the following vulnerability has been resolved: iommu/sva: Fix crash in iommusvaunbinddevice domain-mm-iommumm can be freed by iommudomainfree: iommudomainfree mmdrop mmdrop mmpasiddrop After iommudomainfree returns, accessing domain-mm-iommumm may dereference a freed mm...

CVE-2026-23429

A flaw was found in the Linux kernel. Specifically, within the input/output memory management unit IOMMU subsystem, a memory management error can occur. When the iommusvaunbinddevice function is called, it may attempt to access a memory area that has already been freed. This can lead to a system...

CVE-2026-23429 iommu/sva: Fix crash in iommu_sva_unbind_device()

In the Linux kernel, the following vulnerability has been resolved: iommu/sva: Fix crash in iommusvaunbinddevice domain-mm-iommumm can be freed by iommudomainfree: iommudomainfree mmdrop mmdrop mmpasiddrop After iommudomainfree returns, accessing domain-mm-iommumm may dereference a freed mm...

CVE-2026-23429

In the Linux kernel, the following vulnerability has been resolved: iommu/sva: Fix crash in iommusvaunbinddevice domain-mm-iommumm can be freed by iommudomainfree: iommudomainfree mmdrop mmdrop mmpasiddrop After iommudomainfree returns, accessing domain-mm-iommumm may dereference a freed mm...

PT-2026-30124

In the Linux kernel, the following vulnerability has been resolved: iommu/sva: Fix crash in iommu sva unbind device domain-mm-iommu mm can be freed by iommu domain free: iommu domain free mmdrop mmdrop mm pasid drop After iommu domain free returns, accessing domain-mm-iommu mm may dereference a...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iommusvaunbinddevice function’s access to released memory, potentially leading to crashes...

CVE-2023-53758

In the Linux kernel, the following vulnerability has been resolved: spi: atmel-quadspi: Free resources even if runtime resume failed in .remove An early error exit in atmelqspiremove doesn't prevent the device unbind. So this results in an spi controller with an unbound parent and unmapped regist...

DEBIAN-CVE-2025-37920

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AFXDP generic RX path Move rxlock from xsksocket to xskbuffpool. Fix synchronization for shared umem mode in generic RX path where multiple sockets share single xskbuffpool. RX queue is exclusive to...

CVE-2025-37920

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AFXDP generic RX path Move rxlock from xsksocket to xskbuffpool. Fix synchronization for shared umem mode in generic RX path where multiple sockets share single xskbuffpool. RX queue is exclusive to...

SUSE CVE-2022-49215

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. The current xsk unbind code in xskunbinddev starts by setting xs-state to XSKUNBOUND, sets xs-dev to...

SUSE CVE-2024-57844

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix fault on fd close after unbind If userspace holds an fd open, unbinds the device and then closes it, the driver shouldn't try to access the hardware. Protect it by using drmdeventer/drmdevexit. This fixes the followin...

PT-2025-3594 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel. The issue occurs when userspace holds an fd open, unbinds the device, and then closes it, causing the driver to attempt to access...

DEBIAN-CVE-2024-38611

In the Linux kernel, the following vulnerability has been resolved: media: i2c: et8ek8: Don't strip remove function when driver is builtin Using exit for the remove function results in the remove callback being discarded with CONFIGVIDEOET8EK8=y. When such a device gets unbound e.g. using sysfs o...

UBUNTU-CVE-2024-35816

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: prevent leak of left-over IRQ on unbind Commit 5a95f1ded28691e6 "firewire: ohci: use devres for requested IRQ" also removed the call to freeirq in pciremove, leading to a leftover irq of devmrequestirq at...