546 matches found
SUSE CVE-2026-46221
In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc in initonemc is assigned to dev-initname but never freed on the normal removal path. deviceregister copies initname and then sets dev-initname to...
CVE-2026-46221
A flaw was found in the Linux kernel's EDAC/versalnet component. A memory leak occurs because the device name, allocated during initialization, is not properly freed. Over time, this unreleased memory could lead to resource exhaustion, potentially impacting system stability and availability...
CVE-2026-46221
In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc in initonemc is assigned to dev-initname but never freed on the normal removal path. deviceregister copies initname and then sets dev-initname to...
UBUNTU-CVE-2026-46221
In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc in initonemc is assigned to dev-initname but never freed on the normal removal path. deviceregister copies initname and then sets dev-initname to...
CVE-2026-46221 EDAC/versalnet: Fix device name memory leak
In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc in initonemc is assigned to dev-initname but never freed on the normal removal path. deviceregister copies initname and then sets dev-initname to...
EUVD-2026-32848
In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc in initonemc is assigned to dev-initname but never freed on the normal removal path. deviceregister copies initname and then sets dev-initname to...
CVE-2026-46221
In the Linux kernel EDAC/versalnet code, CVE-2026-46221 arises from a memory-leak: the device name allocated with kzalloc() in init_one_mc() is assigned to dev->init_name, but never freed on the normal removal path. device_register() copies init_name and then sets dev->init_name to NULL, ma...
CVE-2026-46221
In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc in initonemc is assigned to dev-initname but never freed on the normal removal path. deviceregister copies initname and then sets dev-initname to...
PT-2026-44344
In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc in init one mc is assigned to dev-init name but never freed on the normal removal path. device register copies init name and then sets dev-init nam...
SUSE CVE-2022-50299
In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf returns the number of characters generated from...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: mISDN: A possible memory leak in mISDNregisterdevice has been fixed. After committing 1fa5ae857bb1 "driver core: get rid of struct device’s busid string array", the name of the device is allocated dynamically. Add putdevice to...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Reference to hiddevice for devm allocation of the inputdev name. Using hiddevice for devm allocation of the inputdev name helps prevent use-after-free issues. inputunregisterdevice will trigger the cleanup of...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ptp: A possible memory leak has been fixed in ptpclockregister. I encountered a memory leak during the fault injection test as follows: Unreferenced object: 0xffff88800906c618 size 8 Command: comm "i2c-idt82p33931", PID: 4421,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/core: Fixed a use-after-free when renaming device names. Syzbot reported a slab-use-after-free with the following call trace: ========================================== BUG: KASAN: slab-use-after-free in nlaput+0xd3/0x150...
Astra Linux - уязвимость в linux
In the file drivers/pci/hotplug/rpadlpar/sysfs.c within the Linux kernel up to version 5.11.8, the RPA PCI Hotplug driver suffers a user-tolerable buffer overflow when writing a new device name to the driver from user space. This allows user space to write data directly to the kernel stack frame...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: NTB: Fixed a possible name leak in ntbregisterdevice. If deviceregister fails in ntbregisterdevice, the device name allocated by devsetname should be freed. According to the comment in deviceregister, callers should use putdevice...
MINI-FFP2-3MC3-C6WR
Bulletin has no description...
XML Injection
Overview Affected versions of this package are vulnerable to XML Injection in the KML and GPX export functionality. An attacker can corrupt the file structure and spoof exported location data by creating a device with a crafted name that injects XML content into the exported files. Remediation...
CVE-2026-27693
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...
CVE-2026-27694
Traccar (org.traccar:traccar) versions 6.11.1–6.12.x are vulnerable to stored HTML injection in email notification templates. User-controlled device, geofence, and driver names are inserted into HTML output without proper escaping, allowing an attacker with low privileges to store crafted HTML th...