218 matches found
GHSA-CC37-9Q2J-3HFV Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length
When decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsException...
Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length
When decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsException...
CVE-2026-46224
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in xedmabufinitobj on allocation failure When drmgpuvmresvobjectalloc fails, the pre-allocated storage bo is not freed. Add xebofreestorage before returning the error. xedmabufinitobj calls xeboinitlocked, whi...
CVE-2026-46201 drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import()
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix dma-buf attachment leak in xegemprimeimport When xedmabufinitobj fails, the attachment from dmabufdynamicattach is not detached. Add dmabufdetach before returning the error. Note: we cannot use goto outerr here becaus...
CVE-2026-46201
CVE-2026-46201 affects the Linux kernel drm/xe: an error path in xe_gem_prime_import() leaks a dma_buf attachment when xe_dma_buf_init_obj() fails, because the attachment from dma_buf_dynamic_attach() is not detached. The fix explicitly detaches via dma_buf_detach() before returning an error, avo...
EUVD-2026-32479
In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix missing tpmbufdestroy in tpm2readpublic tpm2readpublic calls tpmbufinit but fails to call tpmbufdestroy on two exit paths, leaking a page allocation: 1. When namesize returns an error unrecognized hash algorith...
CVE-2026-46068
crypto: nx - fix bounce buffer leaks in nx842cryptoalloc,freectx...
Astra Linux - уязвимость в linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, a leak in the skbtstamptx function was fixed. Commit 50749f2dd685 “tcp/udp: Fixed memory leaks in sk and zerocopy skbs during TX timestamping” added a call to skborphanfragsrx to fix leaks related to zerocop...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid buffer leaks on xdpdoredirect failure Before enetccleanrxringxdp calls xdpdoredirect, each software BD in the RX ring between index origi and i can have one of two refcount values on its page. We are the owner o...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: xsk: Fixed the deletion of fragment nodes to prevent buffer leaks. After the commit b692bf9a7543 “xsk: Remove xdpbuffxsk::xskblistnode”, the listnode field is reused for both the xskb pool list and the buffer free list. This caus...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mctp: i2c: Fixed a skb memory leak in the receive path. When midev-allowrx is set to false, the newly allocated skb is not consumed by netifrx. It is necessary to free the skb directly...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Ethernet: Aeroflex: fixed a potential skb leak in grethinitrings The grethinitrings function does not free the newly allocated skb when dmamappingerror returns an error. Therefore, devkfreeskb was added to fix this issue. This ha...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: cdceem: Fix for the leak in eemfixup when usbnet transmits a skb. When usbnet transmits a skb, it is processed in eemtxfixup. If skbcopyexpand fails, it returns NULL. In this case, usbnetstartxmit has no chance to free the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fixed the issue of the sentcmd skb being leaked before it was freed. The sentcmd memory was not freed before freeing hcidev, causing it to leak its contents...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fixed the DMA buffer leak issue. Release the DMA buffer when probe returns an error to avoid memory leaks...
CVE-2026-43373 net: ncsi: fix skb leak in error paths
In the Linux kernel, the following vulnerability has been resolved: net: ncsi: fix skb leak in error paths Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting in a memory leak. Specifically, ncsiaenhandler returns on invalid AEN packets without consuming the...
PT-2026-39112
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the netfilter nfnetlink queue component. The nfqnl recv verdict function calls find dequeue entry to remove a queue entry, taking ownership of it. For PF BRIDGE...
CVE-2026-43142
A flaw was found in the Linux kernel's media: iris: gen1 driver. This vulnerability occurs because the driver fails to destroy internal buffers after the firmware releases them. This oversight leads to stale memory allocations, particularly when display resolutions change and new buffers are...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: mxser: fixed the xmitbuf leak in the activate function when LSR is 0xff. When LSR is 0xff in the -activate function, we return an error. As long as the -shutdown function is not called when -activate fails, nothing actually frees...
net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()
...