Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: In the tty module, for the serial subsystem, there is a issue where the uartlite driver is registered within the init function. When two instances of the uart device are being probed, a concurrency race may occur. If one thread...

kernel: RDMA/rxe: Fix double free in rxe_srq_from_init

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe driver. An error in the rxesrqfrominit function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the sam...

CVE-2025-29338

CVE-2025-29338 affects the NXP moal.ko Wi‑Fi kernel driver (driver version 5.1.7.10) across firmware builds from v17.92.1.p149.43 to v17.92.1.p149.157. The root cause is a stack‑based buffer overflow in the parsing path: woal_setup_module_param allocates a fixed stack buffer and parse_cfg_get_lin...

CVE-2026-42216

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init reconstructs strings from a prefix-compressed...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: testfirmware: fixed a memory leak in testfirmwareinit. When miscregister failed in testfirmwareinit, the memory pointed to by testfwconfig-name was not released. The memory leak information is as follows: Unreferenced object...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: eint: Fixed invalid pointer dereferencing for v1 platforms The commit 3ef9f710efcb “pinctrl: mediatek: Added EINT support for multiple addresses” introduced an access to the ‘soc’ field of the struct mtkpinctrl...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQs before initfn for non-boot CPUs. Disable IRQs before initfn for non-boot CPUs during hotplug operations, in order to silence such warnings and also to avoid potential errors due to unexpected interrupts...

OESA-2026-1606 libsndfile security update

Libsndfile is a C library for reading and writing files containing sampled sound such as MS Windows WAV and the Apple/SGI AIFF format through one standard library interface. Security Fixes: Libsndfile =1.2.2 contains a memory leak vulnerability in the mpegl3encoderinit function within the...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38262)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38262 advisory. - In the Linux kernel, the following vulnerability has been resolved: tty: serial: uartlite: register uart...

CVE-2025-56226

Libsndfile =1.2.2 contains a memory leak vulnerability in the mpegl3encoderinit function within the mpegl3encode.c file...

CVE-2026-22255 iccDEV has heap-buffer-overflow in CIccCLUT::Init() at IccProfLib/IccTagLut.cpp

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in CIccCLUT::Init at IccProfLib/IccTagLut.cpp. This...

CVE-2025-15220 SohuTV CacheCloud LoginController.java init cross site scripting

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be...

SUSE CVE-2022-50727

In the Linux kernel, the following vulnerability has been resolved: scsi: efct: Fix possible memleak in efctdeviceinit In efctdeviceinit, when efctscsiregfctransport fails, efctscsitgtdriverexit is not called to release memory for efctscsitgtdriverinit and causes memleak: unreferenced object...

EUVD-2025-204579

A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function sgpipelinecommoninit in the library sokolgfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The...

PT-2025-52501

Name of the Vulnerable Software and Affected Versions floooh sokol versions prior to 33e2271c431bf21de001e972f72da17a984da932 Description A security flaw exists in floooh sokol. The issue resides in the sg pipeline common init function within the sokol gfx.h library, leading to a heap-based buffe...

CVE-2022-50640

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Fix kernel panic when remove non-standard SDIO card SDIO tuple is only allocated for standard SDIO card, especially it causes memory corruption issues when the non-standard SDIO card has removed, which is because the...

EUVD-2018-8826

Malware in sbrugna...

CVE-2022-50269

CVE-2022-50269 affects the Linux kernel (drm/vkms). Root cause: vkms_init() allocates a config with kmalloc and may leak if vkms_create() fails, since the return value isn’t checked before exiting. Impact: local attacker could cause memory leak during vkms module initialization. The fixed descrip...

CVE-2022-50269 drm/vkms: Fix memory leak in vkms_init()

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix memory leak in vkmsinit A memory leak was reported after the vkms module install failed. unreferenced object 0xffff88810bc28520 size 16: comm "modprobe", pid 9662, jiffies 4298009455 age 42.590s hex dump first 16...

LoongArch: Disable IRQ before init_fn() for nonboot CPUs

...