EUVD-2026-38997

In the Linux kernel, the following vulnerability has been resolved: fs/mbcache: cancel shrink work before destroying the cache mbcachedestroy calls shrinkerfree and then frees all cache entries and the cache itself, but it does not cancel the pending cshrinkwork work item first. If...

EUVD-2026-38968

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix deadlock in remain-on-channel mt76remainonchannel and mt76roccomplete call mt76setchannel while already holding dev-mutex. Since mt76setchannel also acquires dev-mutex, this results in a deadlock. Use mt76setchann...

EUVD-2026-38966

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix use-after-free bugs in mt7915macdumpwork When the mt7915 pci chip is detaching, the mt7915crashdata is released in mt7915coredumpunregister. However, the work item dumpwork may still be running or pending,...

EUVD-2026-38965

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix use-after-free bugs in mt7996macdumpwork When the mt7996 pci chip is detaching, the mt7996crashdata is released in mt7996coredumpunregister. However, the work item dumpwork may still be running or pending,...

kernel: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()

A flaw was found in the Linux kernel's RDMA/mana component. A local user could trigger a kernel corruption by providing specific configurations through the user Application Programming Interface uAPI that cause an internal error. This issue arises when Work Queues WQs are specified to share the...

kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()

A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...

kernel: RDMA/iwcm: Fix workqueue list corruption by removing work_list

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA Internet Wide Area RDMA Protocol iWARP subsystem. Incorrect work submission logic in the iwcm component can lead to multiple queueing of work items. This allows a work item to be processed and freed while still present in the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: libceph: fixed a race condition between delayedwork and cephmoncstop The way delayed work is handled in cephmoncstop is prone to races with monfault, and possibly also finishhunting. Both of these can requeue the delayed work,...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl8xxxu: Added cancelworksync for c2hcmdwork. The workqueue may still be running when the driver is stopped. To avoid a use-after-free, call cancelworksync in rtl8xxxustop...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: A potential deadlock has been fixed in deferredirqworkfn. For PREEMPTRT=y kernels, deferredirqworkfn is executed in the per-cpu irqwork/ task context, and not in disable-irq. If the rq returned by containerof is the...

Astra Linux – Vulnerability in Git

Git is a revision control system. Before versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, feeding specially crafted input to git apply --reject could cause a path outside the working tree to be overwritten with partially controlled contents...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nbd: Fixed an UAF in nbdgenlconnect, where an error path occurred after calling nbdstartdevice. There is a use-after-free issue in nbd: - block nbd6: Received control failed result: -104; sockets are being shut down. Bug: KASAN:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: micrel: Fixed the issue of receiving the timestamp in the frame for lan8841. The related commit began using the ptp workqueue to retrieve the second part of the timestamp. When the port is disabled, this workqueue is stopped...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: The IOWQBITEXIT check is performed within the work run loop. Currently, this check is performed before running the pending work. Normally, this is completely fine, as the work items either end up blocking other tas...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Thunderbolt: Fixed a use-after-free in tbdpdprxwork. The original code relied on canceldelayedwork in tbdpdprxstop, which does not ensure that the delayed work item tunnel-dprxwork has fully completed if it was already running...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: Fixed unsafe locking in the scxdumpstate function. For kernels built with CONFIGPREEMPTRT=y, the dumplock will be converted to a sleepable spinlock instead of a disable-irq one. This can lead to the following scenarios:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Use hdev-workqueue when scheduling hdev-cmd,ncmdtimer works. syzbot reports that an attempt is made to schedule hdev-cmdwork from systemwq to hdev-workqueue WQ, which is currently in a draining operation 1. Commit...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Input: appletouch – Initialize work before device registration. Syzbot has reported a warning in flushwork. This warning occurs due to work-func == NULL, which indicates that work initialization was missed. This issue can occur...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: iouring: Fixed a null-ptr-deref in iotctxexitcb. Syzkaller reports a NULL deref bug as follows: BUG: KASAN: null-ptr-deref in iotctxexitcb+0x53/0xd3 Read of size 4 at address 0000000000000138 by task file1/1955 CPU: 1 PID: 195...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed the destruction of kthread workers in polling mode. The cleanup order in polling mode irq worklist and WARNON!listempty&worker-delayedworklist. The original code called kthreadDestroyWorker before...