EUVD-2026-15253

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

CVE-2026-23311

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

CVE-2026-23311

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

UBUNTU-CVE-2026-23311

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

CVE-2026-23338

The CVE-2026-23338 issue affects the Linux kernel component drm/amdgpu/userq. Userspace can trigger kernel warnings by providing an incorrect or growing number of fences across a userq wait ioctl, causing a backtrace to be emitted. The fix removes WARN_ONs so that, when the kernel detects nothing...

CVE-2026-23328

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmtchann mgmtchann may be set to NULL if the firmware returns an unexpected error in aie2sendmgmtmsgwait. This can later lead to a NULL pointer dereference in aie2hwstop. Fix this b...

CVE-2026-23311

CVE-2026-23311 is a Linux kernel issue in perf/core: Fix of an invalid wait context in ctx_sched_in(). Lockdep reports a bug where a pinned event wakeup could grab a wait-queue lock under perf-context lock; the fix switches to using irq_work and avoids grabbing the lock in the problematic context...

CVE-2026-23311 perf/core: Fix invalid wait context in ctx_sched_in()

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

CVE-2026-23311

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

CVE-2026-23311 perf/core: Fix invalid wait context in ctx_sched_in()

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

CVE-2026-23311

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

SUSE CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from acquiring the wait queue lock under a performance context lock, potentially leading to an invalid...

Linux Distros Unpatched Vulnerability : CVE-2026-23311

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the rin...

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure through the fn process in the /wait endpoint, which embeds user-supplied input directly into executable JavaScript without enforcing the intended security policy. An attacker can execute arbitrary JavaScript...

GHSA-W5PC-M664-R62V A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution

Summary PinchTab v0.8.3 through v0.8.5 allow arbitrary JavaScript execution through POST /wait and POST /tabs/id/wait when the request uses fn mode, even if security.allowEvaluate is disabled. POST /evaluate correctly enforces the security.allowEvaluate guard, which is disabled by default. Howeve...

A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution

Summary PinchTab v0.8.3 through v0.8.5 allow arbitrary JavaScript execution through POST /wait and POST /tabs/id/wait when the request uses fn mode, even if security.allowEvaluate is disabled. POST /evaluate correctly enforces the security.allowEvaluate guard, which is disabled by default. Howeve...

EUVD-2026-14880

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

ALPINE-CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...