CVE-2026-43216

Summary of CVE-2026-43216 : In the Linux kernel, skb_may_tx_timestamp() could acquire sock::sk_callback_lock in IRQ context, risking a deadlock if the lock was already write-locked on the same CPU. The fix drops the lock and uses READ_ONCE() / WRITE_ONCE() to safely access and clear the pointers ...

CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: annotate data-races around hdev-reqstatus hcicmdsyncsk sets hdev-reqstatus under hdev-reqlock: hdev-reqstatus = HCIREQPEND; However, several other functions read or write hdev-reqstatus without holding any loc...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sysctl: Data race issues in procdouintvec have been fixed. A sysctl variable is accessed concurrently, and there is always a risk of data races. Therefore, both readers and writers need some basic protection to avoid load/store...

CVE-2026-23212 bonding: annotate data-races around slave->last_rx

In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave-lastrx slave-lastrx and slave-targetlastarprx... can be read and written locklessly. Add READONCE and WRITEONCE annotations. syzbot reported: BUG: KCSAN: data-race in bondrcvvalidate /...

CVE-2026-23124

CVE-2026-23124 is a Linux kernel IPv6 data-race issue in ndisc_router_discovery() where reads/writes to in6_dev->ra_mtu occur without proper synchronization. The race can occur during router advertisement MTU handling (mtu checks are noted but not yet enforced); the fix adds READ_ONCE()/WRITE_...

CVE-2023-54226 af_unix: Fix data races around sk->sk_shutdown.

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data races around sk-skshutdown. KCSAN found a data race around sk-skshutdown where unixreleasesock and unixshutdown update it under unixstatelock, OTOH unixpoll and unixdgrampoll read it locklessly. We need to annota...

UBUNTU-CVE-2025-68336

In the Linux kernel, the following vulnerability has been resolved: locking/spinlock/debug: Fix data-race in dorawwritelock KCSAN reports: BUG: KCSAN: data-race in dorawwritelock / dorawwritelock write marked to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1: dorawwritelock+0x120/0x204...

CVE-2023-53853 netlink: annotate accesses to nlk->cb_running

In the Linux kernel, the following vulnerability has been resolved: netlink: annotate accesses to nlk-cbrunning Both netlinkrecvmsg and netlinknativeseqshow read nlk-cbrunning locklessly. Use READONCE there. Add corresponding WRITEONCE to netlinkdump and netlinkdumpstart syzbot reported: BUG:...

EUVD-2022-54598

Malicious code in bioql PyPI...

EUVD-2022-54591

Malicious code in bioql PyPI...

EUVD-2022-54592

Malicious code in bioql PyPI...

CVE-2022-49967

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpfjitlimit. While reading bpfjitlimit, it can be changed concurrently via sysctl, WRITEONCE in doprocdoulongvecminmax. The size of bpfjitlimit is long, so we need to add a paired READONCE to avoid...

CVE-2022-49967 bpf: Fix a data-race around bpf_jit_limit.

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpfjitlimit. While reading bpfjitlimit, it can be changed concurrently via sysctl, WRITEONCE in doprocdoulongvecminmax. The size of bpfjitlimit is long, so we need to add a paired READONCE to avoid...

CVE-2025-38037

In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as 1. Can be reproduced using 2. Suppress these reports by...

CVE-2025-38037

The CVE-2025-38037 issue affects the Linux kernel’s VXLAN FDB handling. The root cause is a data race where the FDB entry’s fields used and updated may be concurrently accessed by multiple threads, triggering KCSAN reports in vxlan_xmit paths. The fix is to annotate these accesses with READ_ONCE(...

CVE-2025-38037 vxlan: Annotate FDB data races

In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as 1. Can be reproduced using 2. Suppress these reports by...

CVE-2025-38037 vxlan: Annotate FDB data races

In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as 1. Can be reproduced using 2. Suppress these reports by...

SUSE CVE-2025-37800

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in devuevent If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, change to dev-driver from a valid pointer to NU...

CVE-2025-37800 driver core: fix potential NULL pointer dereference in dev_uevent()

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in devuevent If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, change to dev-driver from a valid pointer to NU...

CVE-2022-49640

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in procdouintvecminmax. A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch...