CVE-2026-43253

CVE-2026-43253 relates to the Linux kernel IOMMU AMD component. When iommu.strict=1, the wait_on_sem() busy-wait runs inside a spinlock with interrupts disabled, risking soft lockups under load. The fix moves the completion wait out of the spinlock in iommu_completion_wait(), since wait_on_sem() ...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the AMD IOMMU driver’s use of the waitonsem function within a spinlock, potentially leading to a...

PT-2026-37593

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description When iommu.strict is set to 1, the completion wait path can cause soft lockups in stressed environments. This occurs because the wait on sem function busy-waits while holding a spinlock...

Linux Distros Unpatched Vulnerability : CVE-2026-43253

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommu/amd: move waitonsem out of spinlock With iommu.strict=1, the existing completion wait path can cause soft lockups under stressed environment, as waitonsem...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories CVE-2025-68736 In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context CVE-2026-23102 In the Linu...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fscache: Use waitonbit to wait for the relinquished volume to be freed. The freeing of the relinquished volume will wake up the pending volume acquisition by using wakeupbit. However, this approach conflicts with waitvarevent,...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: gadgetfs: epio – wait until IRQ finishes. After usbepqueue, if waitforcompletioninterruptible is interrupted, we need to wait until IRQ is completed. Otherwise, complete from epiocomplete can corrupt the stack...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: Ensure that node page reads are completed before f2fsputsuper finishes. The Xfstests generic/335 and generic/336 tests sometimes crash with the following message: F2FS-fs dm-0: Detect a reference count leak in the filesyste...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: Add GFPNOIO to the bio completion if necessary. The bio completion path in the process context e.g., dm-verity will directly call into decompression instead of triggering another workqueue context for minimal scheduling...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Makes rmwlock a rawspinlock. The following bug was triggered: ============================= Bug: Invalid wait context 6.12.0-rc2-XXX 406 Not tainted ----------------------------- kworker/1:1/62 is trying to lock:...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fixed a use-after-free in epremovewaitqueue If a non-root cgroup is removed while there is a thread that registered a trigger and is polling on a pressure file within the cgroup, the polling waitqueue will be freed in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: posix-timers: A situation where livelock occurs in itimerdelete has been addressed. Itimerdelete includes a retry loop when the timer expires simultaneously. On non-RT kernels, this simply involves waiting until the timer callbac...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfcgetsfpinfo The MBXTIMEOUT return code is not properly handled in lpfcgetsfpinfo, and the routine unconditionally frees the submitted mailbox commands, regardless of the return status. Th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Ensure that lastfence is always updated. Update lastfence in the vm-bind path, rather than the kernel-managed path. lastfence is used to wait for work to complete in vmbind contexts, but not in kernel-managed contexts...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: refscale: Uninitialized use of waitqueueheadt was fixed. Running the refscale test occasionally causes the kernel to crash with the following error: 8569.952896 BUG: Unable to handle a page fault for address: ffffffffffffffe8...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: PM: hibernate: deferring device probing when resuming from hibernation syzbot is reporting a hung task at miscopen, due to a race condition involving the probecount variable. Currently, waitfordeviceprobe from snapshotopen and...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed devices When an SCSI device is removed while still in active use, currently, sg will immediately return -ENODEV whenever attempts are made to wait for active commands th...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: kcm: An annotation was added for the data-race around kcm-rxwait. kcm-rxpsock can be accessed without a read lock in kcmrfree. The read and write operations were also updated accordingly. syzbot reported: BUG: KCSAN: A data-ra...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: md/raid1: The issue of stack memory usage after a return in the raid1reshape function has been fixed. In the raid1reshape function, the newpool is allocated on the stack and assigned to conf-r1biopool. This causes...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: SPI: sun6i – Fixing the race condition between DMA RX transfer completion and RX FIFO drain. Previously, the transfer-completion interrupt would immediately drain the RX FIFO to read any remaining data in the FIFO into the RX...