1653 matches found
DEBIAN-CVE-2026-43238
In the Linux kernel, the following vulnerability has been resolved: net/sched: actskbedit: fix divide-by-zero in tcfskbedithash Commit 38a6f0865796 "net: sched: support hash selecting tx queue" added SKBEDITFTXQSKBHASH support. The inclusive range size is computed as: mappingmod = queuemappingmax...
DEBIAN-CVE-2026-43235
In the Linux kernel, the following vulnerability has been resolved: media: iris: Add missing platform data entries for SM8750 Two platform-data fields for SM8750 were missed: - getvpubuffersize = irisvpu33bufsize Without this, the driver fails to allocate the required internal buffers, leading to...
DEBIAN-CVE-2026-43231
In the Linux kernel, the following vulnerability has been resolved: media: radio-keene: fix memory leak in error path Fix a memory leak in usbkeeneprobe. The v4l2 control handler is initialized and controls are added, but if v4l2deviceregister or videoregisterdevice fails afterward, the handler w...
DEBIAN-CVE-2026-43237
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Refactor amdgpugemvaioctl for Handling Last Fence Update and Timeline Management v4 This commit simplifies the amdgpugemvaioctl function, key updates include: - Moved the logic for managing the last update fence...
DEBIAN-CVE-2026-43222
In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: rowsb, colsb, startpos and endpos 4 bytes each. So the total required memory is AV1MAXTILES 16 bytes. Use the correct define to allocate the buffer...
DEBIAN-CVE-2026-43205
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate numifs to prevent out-of-bounds write The driver obtains swattr.numifs from firmware via dpswgetattributes but never validates it against DPSWMAXIF 64. This value controls iteration in...
DEBIAN-CVE-2026-43195
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate user queue size constraints Add validation to ensure user queue sizes meet hardware requirements: - Size must be a power of two for efficient ring buffer wrapping - Size must be at least AMDGPUGPUPAGESIZE to...
DEBIAN-CVE-2026-43184
In the Linux kernel, the following vulnerability has been resolved: rnbd-srv: Zero the rsp buffer before using it Before using the data buffer to send back the response message, zero it completely. This prevents any stray bytes to be picked up by the client side when there the message is exchange...
DEBIAN-CVE-2026-43177
In the Linux kernel, the following vulnerability has been resolved: media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6pciprobe were jumping directly to outipu6busdeldevices without releasing the runtime PM reference. Add pmruntimeputsync before cleaning up other...
DEBIAN-CVE-2026-43168
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix reflink preserve cleanup issue commit c06c303832ec "ocfs2: fix xattr array entry countedby error" doesn't handle all cases and the cleanup job for preserved xattr entries still has bug: - the 'last' pointer should be...
DEBIAN-CVE-2026-43148
In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: Add check for kcalloc failure in parsethreadgroups As kcalloc may fail, check its return value to avoid a NULL pointer dereference when passing it to ofpropertyreadu32array...
DEBIAN-CVE-2026-43126
In the Linux kernel, the following vulnerability has been resolved: ALSA: mixer: oss: Add card disconnect checkpoints ALSA OSS mixer layer calls the kcontrol ops rather individually, and pending calls might be not always caught at disconnecting the device. For avoiding the potential UAF scenarios...
DEBIAN-CVE-2026-43124
In the Linux kernel, the following vulnerability has been resolved: pstore: ramcore: fix incorrect success return when vmap fails In persistentramvmap, vmap may return NULL on failure. If offset is non-zero, adding offsetinpagestart causes the function to return a non-NULL pointer even though the...
DEBIAN-CVE-2026-43122
In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Update cpuidle driver check in acpiprocessorstart Commit 7a8c994cbb2d "ACPI: processor: idle: Optimize ACPI idle driver registration" moved the ACPI idle driver registration to acpiprocessordriverinit and...
DEBIAN-CVE-2025-71289
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attrsetsize errors when truncating files If attrsetsize fails while truncating down, the error is silently ignored and the inode may be left in an inconsistent state...
DEBIAN-CVE-2025-71273
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Use devmkmemdup in rtwsetsupportedband Simplify the code by using device managed memory allocations. This also fixes a memory leak in rtwregisterhw. The supported bands were not freed in the error path. Copied from...
UBUNTU-CVE-2026-43133
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f "KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state" made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed...
UBUNTU-CVE-2026-43211
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pcislottrylock error handling Commit a4e772898f8b "PCI: Add missing bridge lock to pcibuslock" delegates the bridge device's pcidevtrylock to pcibustrylock in pcislottrylock, but it forgets to remove the corresponding...
DEBIAN-CVE-2026-43119
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: annotate data-races around hdev-reqstatus hcicmdsyncsk sets hdev-reqstatus under hdev-reqlock: hdev-reqstatus = HCIREQPEND; However, several other functions read or write hdev-reqstatus without holding any loc...
DEBIAN-CVE-2026-43110
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmffwehhandleifevent validates the firmware-provided interface index before it touches drvr-iflist, but it still uses the raw bsscfgidx field as an array index without a...