752 matches found
UBUNTU-CVE-2025-71300
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...
CVE-2026-43347
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: monaco: Reserve full Gunyah metadata region We observe spurious "Synchronous External Abort" exceptions ESR=0x96000010 and kernel crashes on Monaco-based platforms. These faults are caused by the kernel...
CVE-2025-71300
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...
CVE-2025-71300 Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...
CVE-2025-71299
In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...
CVE-2025-71299
CVE-2025-71299 affects the Linux kernel driver spi_cadence_quadspi. The root cause is a runtime PM interaction during probe: a pm_runtime_disable in error paths could lead to duplicate clock disables when PM is active, especially with missing/broken DT descriptions for flash devices. The document...
CVE-2025-71299 spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing
In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...
CVE-2025-71299
In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...
PT-2026-38925
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel where the presence of a manually defined OP-TEE node in zynqmp.dtsi interferes with the U-Boot logic. U-Boot normally automatically injects a...
PT-2026-38924
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the spi: cadence-quadspi driver where a runtime PM Power Management disable operation in the probe function error paths can trigger duplicate clock disables. This occu...
EUVD-2026-27724
In the Linux kernel, the following vulnerability has been resolved: hwmon: nct7363 Fix a resource leak in nct7363presentpwmfanin When calling ofparsephandlewithargs, the caller is responsible to call ofnodeput to release the reference of device node. In nct7363presentpwmfanin, it does not release...
CVE-2026-43281
In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds access in fwmboxindexxlate Although it is guided that mbox-cells must be at least 1, there are many instances of mbox-cells = ; in the device tree. If that is the case and the corresponding mailbox...
CVE-2026-43281
CVE-2026-43281 affects the Linux kernel mailbox subsystem. The flaw is an out-of-bounds access in fw_mbox_index_xlate() that can occur when #mbox-cells is
CVE-2026-43281 mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()
In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds access in fwmboxindexxlate Although it is guided that mbox-cells must be at least 1, there are many instances of mbox-cells = ; in the device tree. If that is the case and the corresponding mailbox...
CVE-2026-43165
In the Linux kernel, the following vulnerability has been resolved: hwmon: nct7363 Fix a resource leak in nct7363presentpwmfanin When calling ofparsephandlewithargs, the caller is responsible to call ofnodeput to release the reference of device node. In nct7363presentpwmfanin, it does not release...
CVE-2026-43165
CVE-2026-43165 corresponds to a Linux kernel hwmon issue in the nct7363 driver where of_parse_phandle_with_args() references were not released with of_node_put(), causing a resource leak in nct7363_present_pwm_fanin. The connected OSV entries indicate patches in rootio-linux for various Ubuntu/De...
SUSE CVE-2026-31724
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: feem: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, t...
PT-2026-37621
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds access issue exists in the fw mbox index xlate function. This occurs when mbox-cells is set to 0 in the device tree and the mailbox controller lacks fw xlate and of xlat...
SUSE CVE-2026-31725
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fecm: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, t...
CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: feem: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, t...