PT-2026-37539

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5e ipsec init macs by replacing mlx5 query mac address with ether addr copy to get the local MAC address directly from...

PT-2026-37510

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists where the dwc3 gadget vbus draw function can be called from an atomic context. This function invokes power-supply-core APIs, some of which contain PMIC Power Management...

Linux Distros Unpatched Vulnerability : CVE-2026-43170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: dwc3: gadget: Move vbus draw to workqueue context Currently dwc3gadgetvbusdraw can be called from atomic context, which in turn invokes power-supply-core...

EUVD-2026-27362

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release The workqueue associated with an DSA/IAA device is not released when the object is freed...

CVE-2026-43064

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release The workqueue associated with an DSA/IAA device is not released when the object is freed...

CVE-2026-43064 dmaengine: idxd: Fix not releasing workqueue on .release()

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release The workqueue associated with an DSA/IAA device is not released when the object is freed...

CVE-2026-43064

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release The workqueue associated with an DSA/IAA device is not released when the object is freed...

CVE-2026-43064

CVE-2026-43064 affects the Linux kernel’s dmaengine idxd, where the workqueue for a DSA/IAA device was not released on object release. The underlying cause is that the workqueue remained bound to the freed object, leading to resource leaks. The issue is now fixed: the workqueue is released after ...

PT-2026-37067

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the dmaengine idxd component where the workqueue associated with a Data Streaming Accelerator DSA or Intel Analytics Accelerator IAA device is not released when t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “drm/msm: Add missing check and destroy for allocorderedworkqueue” This change reverts to the previous behavior in commit 643b7d0869cc7f1f7a5ac7ca6bd25d88f54e31d0. A recent patch attempted to fix the issues related to msmdrminit,...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Added a missing check for allocorderedworkqueue. Added a check on the return value of allocorderedworkqueue, as it may return a NULL pointer, leading to a NULL pointer dereferencing issue. Patchwork:...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sched/core: Do not requeue tasks on CPUs excluded from cpusmask. The following warning was triggered on a large machine during boot time in a distribution kernel; the same issue should also affect the mainline version of the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Do not wait in vain when unloading the module. There is a race condition in the module exit path, where both deleting all controllers and freeing the “leftover IDs” occur simultaneously. To prevent double-freeing, a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: microchip: sparx5: Fixed a potential null-ptr-deref in sparxstatsinit and sparx5start. sparxstatsinit calls createsinglethreadworkqueue, without checking the return value. This may result in NULL being returned. A...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: added flushworkqueue to prevent UAF. Our detector identified a bug caused by concurrent use-after-free when detaching a NCI device. The main reason for this bug is the unexpected scheduling between the delayed mechanism...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, for the dsa module, the microchip function has been updated to include a condition for scheduling the kszmibreadwork function. When the ksz module is installed or removed using the rmmod command, the kernel...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: locking/wwmutex/test: Fixed potential corruption of the workqueue. In some cases, when running with the test-wwmutex code, I observed odd behaviors where it seemed that flushworkqueue was returned before all work threads had...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpftimercancelandfree Currently, the same issue as in the previous patch two timer callbacks attempting to cancel each other can also occur through bpfmapupdateelem. More precisely, freeing elements containing...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fixed the warning “checkFlushDependency” in file workqueue.c. In the commit aee2424246f9 “RDMA/iwcm: Fixed a use-after-free issue related to destroying CM IDs”, the function flushworkqueue was called to flush the iwcmw...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Use hdev-workqueue when scheduling hdev-cmd,ncmdtimer works. syzbot reports that an attempt is made to schedule hdev-cmdwork from systemwq to hdev-workqueue WQ, which is currently in a draining operation 1. Commit...