rcu

A subtle misuse of the Linux kernel’s Read-Copy-Update (RCU) primitives in the WILC1000 Wi‑Fi driver has surfaced as CVE-2024-27053, a high‑severity flaw that can lead to sustained or persistent denial‑of‑service for affected systems and — under specific race conditions — risks more serious...

A new Linux kernel vulnerability, tracked as CVE‑2025‑68374, corrects a subtle but serious RCU lifetime bug in the md (multiple‑device / software RAID) subsystem: maintainers attempted to use RCU to protect a pointer named thread, but passed that raw pointer into md_wakeup_thread before entering...

The Linux kernel has received a targeted, low‑risk hardening to close a race that could lead to a use‑after‑free in a TCP Fast Open helper: CVE‑2025‑68188 updates tcp_fastopen_active_disable_ofo_check to use the RCU‑aware helper dst_dev_rcu, removing a small timing window tied to atomic...

A subtle race in the Linux kernel’s NVMe‑over‑Fibre‑Channel stack was assigned CVE‑2025‑40343 after maintainers fixed a sequencing bug that could let the same association deletion be scheduled twice during a forced port shutdown — a corner case that, in the field, risks freeing resources twice...

A recently disclosed Linux kernel vulnerability, tracked as CVE-2025-40158, affects the IPv6 transmit path: a race-condition/RCU misuse in the ip6_output / ip6_finish_output2 code that can lead to a possible use‑after‑free (UAF) when the kernel reads the destination device pointer; the upstream...

A focused, low‑risk kernel hardening landed as CVE‑2025‑40170: maintainers switched several network call paths to RCU‑aware device access (use of dst_dev_rcu to remove transient pointer races in sk_setup_caps and a handful of related functions, closing a window that could cause kernel oopses or...

The Linux kernel team fixed a subtle but potentially disruptive use‑after‑free (UAF) in the SMC networking code by changing how a socket’s destination device is obtained inside smc_clc_prfx_match: callers now use the RCU‑aware accessors __sk_dst_get and dst_dev_rcu instead of a direct...

A subtle change in the Linux kernel networking stack — switching get_netdev_for_sock to use __sk_dst_get and dst_dev_rcu — was published as CVE-2025-40149 and patches were merged upstream to remove a potential use‑after‑free (UAF) when callers accessed a transient device pointer outside an RCU...