race condition

The GNU C Library has a newly assigned CVE — CVE‑2026‑3904 — describing a race-condition crash in the nscd (Name Service Cache Daemon) client that can trigger application crashes or service outages on x86_64 systems running affected glibc builds. Upstream maintainers published a security...

The Linux kernel has received a small but important patch that fixes a timing (race) bug in the kernel TLS implementation: CVE-2026-23240 addresses a race in tls_sw_cancel_work_tx() where a worker can be scheduled after the kernel believes the delayed work has been cancelled, allowing the worker...

EROFS in the Linux kernel has been patched for a race-condition use‑after‑free that can trigger kernel panics when a file‑backed mount is used together with the directio option — tracked as CVE-2026-23224 — and the fix replaces an unsafe free path with a simple reference‑counting discipline that...

A dodgy race in the Linux kernel’s virtio crypto path has been fixed by adding spinlock protection around virtqueue notification handling — a surgical change that closes a denial‑of‑service and hang condition seen when the virtio‑crypto device and the AF_ALG backend are exercised concurrently...

The Linux kernel fix for CVE-2025-21943 addresses a subtle but practical race in the gpio-aggregator driver that can leave platform devices dangling and destabilize a host when module unload races with driver attribute handlers — the remedy is to hold a module reference (via try_module_get()) in...

The Linux kernel received a targeted fix for a race-related protection fault in its IOMMU userspace subsystem — a patch tracked as CVE-2024-26785 that corrects a null-pointer / protection-fault condition reachable via the iommufd selftest ioctl paths and closes a locally exploitable...

Microsoft's update guide entry for CVE-2026-21221 flags an Elevation of Privilege concern in the Capability Access Management Service (camsvc), but public technical details remain sparse and unevenly catalogued: security teams should treat the entry as a valid alert while recognizing that...

A recently published Linux kernel patch addresses a race condition in the regulator core that could produce a local use-after-free (UAF), duplicate alias entries, or inconsistent supply mappings — filed as CVE-2025-68354 — by protecting the regulator_supply_alias_list with the existing...

A newly assigned CVE, CVE-2025-40328, documents a use-after-free (UAF) in the Linux kernel's SMB client implementation that could lead to memory corruption and instability on systems running affected kernel versions. The bug arises from a narrow race between reference-count manipulation and list...

Microsoft’s security trackers and multiple independent feeds recorded CVE-2025-64661 as a Windows Shell elevation-of-privilege (EoP) vulnerability rooted in a race condition (concurrent execution using a shared resource with improper synchronization). The vulnerability is scored as High (CVSS...

Microsoft has published an advisory for CVE‑2025‑62218, an elevation‑of‑privilege vulnerability in the Microsoft Wireless Provisioning System that can be triggered locally by an authenticated user and, when successfully exploited, allow a low‑privilege account to gain elevated system privileges...

A newly published Linux-kernel vulnerability, tracked as CVE-2025-40042, fixes a race condition in kprobe initialization that can lead to a NULL-pointer dereference and a kernel crash — a local, availability-focused defect that has been upstreamed into the kernel stable trees and is being...

A new Windows Hyper‑V vulnerability tracked as CVE‑2025‑55328 has been published by Microsoft and classified as an Elevation of Privilege issue caused by a race condition in the Hyper‑V code path. The vendor summary describes the flaw as “concurrent execution using shared resource with improper...

Microsoft’s advisory for CVE-2025-59216 describes a race-condition vulnerability in the Windows Graphics Component that can allow an authenticated local attacker to elevate privileges if they can win a timing window. Executive summary What it is: CVE-2025-59216 is a “concurrent execution using...

Microsoft’s advisory for CVE-2025-55224 describes a concurrency flaw in the Windows kernel graphics component (Win32K — GRFX) that can be manipulated by an authorized local actor to gain code execution or elevate privileges on an affected system; the bug is a race condition (improper...

CVE-2025-54114 (Cdpsvc) — What you need to know now Author: Senior Security Writer, WindowsForum.com Date: September 9, 2025 TL;DR — There’s confusion about the CVE number you provided. Microsoft’s Security Update Guide entry for the Connected Devices Platform Service (Cdpsvc) DoS is widely...

Microsoft’s terse advisory that “concurrent execution using a shared resource with improper synchronization (‘race condition’) in Windows Hyper‑V allows an authorized attacker to elevate privileges locally” is the single-line summary administrators need to treat as urgent: this is a Hyper‑V race...

A newly disclosed race‑condition vulnerability in the Windows Capability Access Management Service (camsvc) can be abused by a local attacker to escalate privileges to SYSTEM on unpatched hosts, and organizations should treat the advisory as a high‑priority patching event for affected Windows...

Microsoft has published an advisory for CVE-2025-54105 — a local elevation-of-privilege vulnerability in the Microsoft Brokering File System (BFS) caused by a concurrency bug (race condition) that can be exploited by an authenticated local user to gain elevated rights on the host. Background The...

Title: CVE‑2025‑54093 — Windows TCP/IP Driver TOCTOU Race Condition (Local Elevation of Privilege) Summary What it is: A time‑of‑check/time‑of‑use (TOCTOU) race condition in the Windows TCP/IP driver that Microsoft lists as CVE‑2025‑54093. Microsoft’s advisory describes the flaw as a TOCTOU...