9254 matches found
CVE-2026-53298
A flaw was found in the Linux kernel's airoha network driver. An issue with early initialization of the ndesc variable in the airohaqdmainitrxqueue routine can lead to a NULL pointer dereference during cleanup. This can result in a Denial of Service DoS condition. Additionally, improper ordering ...
DEBIAN-CVE-2026-58051
libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...
UBUNTU-CVE-2026-58051
libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...
EUVD-2026-39971
libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...
CVE-2026-58051
CVE-2026-58051 affects libssh2 up to version 1.11.1. The vulnerability arises because libssh2 grows its publickey list using SSH2_REALLOC but does not zero-initialize the newly allocated entries before parsing populates them. If parsing fails and the code path cleans up, libssh2_publickey_list_fr...
CVE-2026-58051
libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...
SUSE CVE-2026-53290
In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...
SUSE CVE-2026-53322
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled via vfiopcicoredisable. This ensures that all access via DMABUFs is...
Linux Distros Unpatched Vulnerability : CVE-2026-52976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe: Fix error cleanup in xeexecqueuecreateioctl Two error handling issues exist in xeexecqueuecreateioctl: 1. When xehwenginegroupaddexecqueue fails, the...
Linux Distros Unpatched Vulnerability : CVE-2026-53030
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i3c: master: renesas: Fix memory leak in renesasi3ci3cxfers The xfer structure allocated by renesasi3callocxfer was never freed in the renesasi3ci3cxfers...
Linux Distros Unpatched Vulnerability : CVE-2026-53232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: phy: clean the sfp upstream if phy probing fails Sashiko reported that we don't call sfpbusdelupstream in the probe failure path, so let's add it, otherwis...
Linux Distros Unpatched Vulnerability : CVE-2026-53227
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: openvswitch: fix possible kfreeskb of ERRPTR After the patch in the Fixes tag, the allocation of the reply skb can happen either before or after locking th...
PT-2026-53083
Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.2 Description An issue exists in the public key parsing process where the software expands its public key list using SSH2 REALLOC but fails to zero-initialize new entries before they are populated. If a parse...
Linux Distros Unpatched Vulnerability : CVE-2026-53067
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PCI: endpoint: pci-ep-msi: Fix error unwind and prevent double alloc pciepfallocdoorbell stores the allocated doorbell message array in epf-dbmsg/epf-numdb befo...
Linux Distros Unpatched Vulnerability : CVE-2026-53204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - firmware: stratix10-rsu: Fix NULL deref on rsusendmsg timeout in probe rsusendmsg can return -ETIMEDOUT when waitforcompletioninterruptibletimeout fires while t...
Linux Distros Unpatched Vulnerability : CVE-2026-52959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - virt: sev-guest: Do not use host-controlled page order in cleanup path When issuing an extended guest request SVMVMGEXITEXTGUESTREQUEST, getextreport allocates ...
Linux Distros Unpatched Vulnerability : CVE-2026-52987
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: avoid double drmexecfini in userq validate When newaddition is true, amdgpuuserqvmvalidate calls drmexecfini&exec before iterating over the collecte...
Linux Distros Unpatched Vulnerability : CVE-2026-53214
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: Fix a potential NPD in cleanupprefixroute addrconfgetprefixroute can return the fib6nullentry sentinel entry which has a NULL fib6table pointer. Therefore...
ipv6: Fix a potential NPD in cleanup_prefix_route()
...
DEBIAN-CVE-2026-53322
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled via vfiopcicoredisable. This ensures that all access via DMABUFs is...