CVE-2025-21911 drm/imagination: avoid deadlock on fence release

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: avoid deadlock on fence release Do scheduler queue fence release processing on a workqueue, rather than in the release function itself. Fixes deadlock issues such as the following: 607.400437...

PT-2025-14364 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.2-0 g925d379822da Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the kvfree rcu APIs using a system workqueue, which can lead to a kernel warning. The warning is...

The vulnerability in the kernel/workqueue.c module of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the kernel/workqueue.c module in the Linux operating system is related to insufficient resource locking. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2023-53022

In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid deadlock in enetctxonesteptstamp This lockdep splat says it better than I could: ================================ WARNING: inconsistent lock state 6.2.0-rc2-07010-ga9b9500ffaac-dirty 967 Not tainted...

SUSE CVE-2025-21846

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In 1 it was reported that the acct2 system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when...

DEBIAN-CVE-2025-21846

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In 1 it was reported that the acct2 system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when...

AZL-58532 CVE-2025-21846 affecting package kernel for versions less than 6.6.82.1-1

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In 1 it was reported that the acct2 system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when...

AZL-58569 CVE-2025-21846 affecting package kernel for versions less than 5.15.179.1-1

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In 1 it was reported that the acct2 system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when...

UBUNTU-CVE-2025-21846

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In 1 it was reported that the acct2 system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when...

CVE-2025-21859 USB: gadget: f_midi: f_midi_complete to call queue_work

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: fmidi: fmidicomplete to call queuework When using USB MIDI, a lock is attempted to be acquired twice through a re-entrant call to fmiditransmit, causing a deadlock. Fix it by using queuework to schedule the inner...

CVE-2025-21846 acct: perform last write from workqueue

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In 1 it was reported that the acct2 system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when...

CVE-2025-21846 acct: perform last write from workqueue

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In 1 it was reported that the acct2 system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when...

CVE-2025-21846

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In 1 it was reported that the acct2 system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when...

SUSE CVE-2025-21838

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal devicedel can lead to new work being scheduled in gadget-work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: devicedel...

DEBIAN-CVE-2025-21838

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal devicedel can lead to new work being scheduled in gadget-work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: devicedel...

CVE-2025-21838

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal devicedel can lead to new work being scheduled in gadget-work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: devicedel...

AZL-69012 CVE-2025-21838 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal devicedel can lead to new work being scheduled in gadget-work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: devicedel...

UBUNTU-CVE-2025-21838

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal devicedel can lead to new work being scheduled in gadget-work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: devicedel...

CVE-2025-21838

CVE-2025-21838: In the Linux kernel, the usb: gadget: core: flush gadget workqueue after device removal fix prevents leaking workqueue items when device_del() schedules new work (e.g., via dwc3). The root cause is device_del() potentially scheduling work in gadget->work, with the subsequent sc...

CVE-2025-21838 usb: gadget: core: flush gadget workqueue after device removal

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal devicedel can lead to new work being scheduled in gadget-work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: devicedel...