Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: ena: Fixed error handling in enainit The enainit function no longer destroys the workqueue created by createsinglethreadworkqueue when pciregisterdriver fails. Calling destroyworkqueue when pciregisterdriver fails prevents...

EUVD-2026-32429

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Fix use-after-free in driver remove In the remove callback, if a packet arrives after destroyworkqueue is called, but before sockrelease, the qrtrnsdataready callback will try to queue the work, causing...

CVE-2026-46047

CVE-2026-46047: In the Linux kernel, net: qrtr: ns use-after-free in driver remove is fixed. The vulnerability arises if a packet arrives after destroy_workqueue() but before sock_release(), causing qrtr_ns_data_ready() to queue a work item that dereferences freed memory. Root and distro advisori...

PT-2026-43914

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the QRTR nameservice driver during the remove process. If a packet arrives after destroy workqueue is called but before sock release, the qrtr ns data...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Lag, fix failure to cancel delayed bond work The commit 0d4e8ed139d8 “net/mlx5: Lag, avoid lockdep warnings” accidentally removed a call to cancel delayed bond work. This may cause queued delays to expire and affect wor...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fixed the null-ptr-deref issue in ibcorecleanup. KASAN reported a null-ptr-deref error: KASAN: Null pointer dereferencing in the range 0x0000000000000118–0x000000000000011f. CPU: 1; PID: 379. Hardware name: QEMU Standa...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iavf: Error handling in iavfinitmodule has been fixed. The iavfinitmodule no longer destroys the workqueue when pciregisterdriver fails. Instead, call destroyworkqueue when pciregisterdriver fails to prevent resource leaks. This...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004861)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004861 advisory. In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroyworkqueue call There is a possible race condition use-after-free...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992812)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992812 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in enainit The enainit won't destroy workqueue created by...

CVE-2025-40003

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls canceldelayedwork in ocelotstatsdeinit to cancel the cyclic delayed work item ocelot-statswork. However, canceldelayedwork may fail to canc...

DEBIAN-CVE-2025-40003

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls canceldelayedwork in ocelotstatsdeinit to cancel the cyclic delayed work item ocelot-statswork. However, canceldelayedwork may fail to canc...

UBUNTU-CVE-2025-40003

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls canceldelayedwork in ocelotstatsdeinit to cancel the cyclic delayed work item ocelot-statswork. However, canceldelayedwork may fail to canc...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986392)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986392 advisory. In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have...

PT-2025-42708

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a use-after-free issue within the networking subsystem, specifically in the mscc ocelot component. The problem arises from a cyclic delayed work item where canc...

CVE-2022-50441

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Lag, fix failure to cancel delayed bond work Commit 0d4e8ed139d8 "net/mlx5: Lag, avoid lockdep warnings" accidentally removed a call to cancel delayed bond work thus it may cause queued delay to expire and fall on an...

Linux Distros Unpatched Vulnerability : CVE-2022-50369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/vkms: Fix null-ptr-deref in vkmsrelease A null-ptr-deref is triggered when it tries to destroy the workqueue in vkms-output.composerworkq in vkmsrelease...

PT-2025-38179

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A null-ptr-deref issue exists in the vkms release function within the drm/vkms module of the Linux kernel. This occurs when attempting to destroy a workqueue composer workq that has no...

CVE-2025-39706

Summary: CVE-2025-39706 affects the Linux kernel's DRM/AMDKFD path. The issue arises when destroying KFD debugfs before kfd_process_destroy_wq, causing a NULL pointer hang due to an attempted remove of /sys/kernel/debug/kfd/proc/ after /sys/kernel/debug/kfd was destroyed. Root cause: proc content...

CVE-2025-39692

CVE-2025-39692 is a Linux kernel vulnerability related to the SMB ksmbd path where ksmbd_rdma_stop_listening() must be called before stop_sessions() to avoid using the smb_direct_wq pointer after destroy. The issue arises when the order is not respected, allowing existing connections to reference...

Linux Distros Unpatched Vulnerability : CVE-2025-38356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Explicitly exit CT safe mode on unwind During driver probe we might be briefly...