EUVD-2025-9352

Malicious code in bioql PyPI...

CVE-2022-49968

In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroyworkqueue call There is a possible race condition use-after-free like below FREE | USE adf7242remove | adf7242channel canceldelayedworksync | destroyworkqueue 1 | adf7242cmdrx | moddelayedwork 2 |...

CVE-2025-21838

CVE-2025-21838: In the Linux kernel, the usb: gadget: core: flush gadget workqueue after device removal fix prevents leaking workqueue items when device_del() schedules new work (e.g., via dwc3). The root cause is device_del() potentially scheduling work in gadget->work, with the subsequent sc...

CVE-2025-21838 usb: gadget: core: flush gadget workqueue after device removal

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal devicedel can lead to new work being scheduled in gadget-work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: devicedel...

CVE-2022-49059

The CVE-2022-49059 issue is a Linux kernel vulnerability in NFC/NCI where a race between a delayed mechanism (timer) and a workqueue can lead to a use-after-free when detaching an NCI device. The fix added flush_workqueue to prevent this UAF by ensuring the timer/workqueue lifecycle cannot race w...

CVE-2024-56599

CVE-2024-56599 records a Linux kernel vulnerability in the wifi/ath10k SDIO path where rmmod ath10k could panic if CONFIG_INIT_ON_FREE_DEFAULT_ON is enabled. The root cause is a NULL-pointer path involving destroying the sdio workqueue before ath10k_core_destroy frees the wiphy/cfg80211 device, l...