23 matches found
kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
A use-after-free flaw was found in the Linux kernel's iSCSI target subsystem. In the iscsitdecconnusagecount function, complete is called while still holding the conn-connusagelock spinlock. The waiting thread such as iscsitcloseconnection may wake up immediately and free the iscsitconn structure...
SUSE CVE-2026-53160
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpcmapcreate fastrpcmaplookup returns a raw pointer after releasing fl-lock. The caller fastrpcmapcreate then calls fastrpcmapget krefgetunlesszero on this unprotected pointer. A...
SUSE CVE-2026-53239
In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...
CVE-2026-53239 xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx()
In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fixed a issue where a “use-after-free” condition could occur during an interrupt. During a destroy CQ operation, an interrupt may cause the processing of a CQE to occur after the resources managed by irdmacqfreersrc...
kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
A use-after-free flaw was found in the Linux kernel's iSCSI target subsystem. In the iscsitdecconnusagecount function, complete is called while still holding the conn-connusagelock spinlock. The waiting thread such as iscsitcloseconnection may wake up immediately and free the iscsitconn structure...
kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
A use-after-free flaw was found in the Linux kernel's iSCSI target subsystem. In the iscsitdecconnusagecount function, complete is called while still holding the conn-connusagelock spinlock. The waiting thread such as iscsitcloseconnection may wake up immediately and free the iscsitconn structure...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a use-after-free issue when attempting to join an aborted transaction. When trying to join the current transaction, if it aborts, we read its “aborted” field after unlocking fsinfo-translock, without holding any...
CVE-2026-43388
CVE-2026-43388 (Linux kernel, DAMON) : The vulnerability arises in mm/damon/core/damos_walk(), which sets ctx->walk_control to a caller-provided control structure before checking if the context is running. If the context is inactive, it returns -EINVAL without clearing the pointer, leaving a d...
kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
A use-after-free flaw was found in the Linux kernel's iSCSI target subsystem. In the iscsitdecconnusagecount function, complete is called while still holding the conn-connusagelock spinlock. The waiting thread such as iscsitcloseconnection may wake up immediately and free the iscsitconn structure...
kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex instead of RTNL to protect the multicast route list, so that it will not change while the driver periodically traverse...
Siemens SCALANCE and RUGGEDCOM Improper Input Validation (CVE-2025-39841)
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the...
CVE-2023-53855
CVE-2023-53855 is a Linux kernel vulnerability in the DSA/Ocelot tagging path. When the tagging protocol in use is ocelot-8021q and a driver is unbound, the removal path can trigger an assertion failure in RTNL (RTNL: assertion failed at net/dsa/tag_8021q.c:409) and in vlan_vid_del, due to callin...
CVE-2023-53855 net: dsa: ocelot: call dsa_tag_8021q_unregister() under rtnl_lock() on driver remove
In the Linux kernel, the following vulnerability has been resolved: net: dsa: ocelot: call dsatag8021qunregister under rtnllock on driver remove When the tagging protocol in current use is "ocelot-8021q" and we unbind the driver, we see this splat: $ echo '0000:00:00.2'...
kernel: scsi: lpfc: Fix buffer free/clear order in deferred receive path
A use-after-free vulnerability exists in the linux kernel such that the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock...
kernel: scsi: lpfc: Fix buffer free/clear order in deferred receive path
A use-after-free vulnerability exists in the linux kernel such that the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock...
CVE-2023-53558
In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Avoid prinfo with spin lock in cblistinitgeneric prinfo is called with rtp-cbsgbllock spin lock locked. Because prinfo calls printk that might sleep, this will result in BUG like below: 0.206455 cblistinitgeneric:...
UBUNTU-CVE-2025-39841
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the...
UBUNTU-CVE-2022-49441
In the Linux kernel, the following vulnerability has been resolved: tty: fix deadlock caused by calling printk under ttyport-lock ptywrite invokes kmalloc which may invoke a normal printk to print failure message. This can cause a deadlock in the scenario reported by syz-bot below: CPU0 CPU1 CPU2...
kernel: wifi: iwlwifi: read txq->read_ptr under lock
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq-readptr under lock If we read txq-readptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry twice,...