742 matches found
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the CheckPrimitiveExtent function. An attacker can cause a crash by triggering a failed memory allocation, leading to use of freed memory. Remediation A fix was pushed into the master branch but not yet published...
EUVD-2026-35170
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: osdep: avoid NULL pointer dereference in rtwcbufalloc The return value of kzallocflex is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access t...
CVE-2026-47271
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc, xrealloc, and xstrdup using assertdata != NULL. The C standard specifies that all assert expressions are compiled out when NDEBUG is defined at...
EUVD-2026-32654
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc, xrealloc, and xstrdup using assertdata != NULL. The C standard specifies that all assert expressions are compiled out when NDEBUG is defined at...
EUVD-2026-32362
In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting nregions The regions array is counted by nregions, but it's set only after accessing it: UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtdinteldg.c:750:15 index 0 is o...
CVE-2026-46010 rxrpc: Fix error handling in rxgk_extract_token()
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix error handling in rxgkextracttoken Fix a missing bit of error handling in rxgkextracttoken: in the event that rxgkdecryptskb returns -ENOMEM, it should just return that rather than continuing on for anything else, it...
CVE-2026-45896 mtd: intel-dg: Fix accessing regions before setting nregions
In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting nregions The regions array is counted by nregions, but it's set only after accessing it: UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtdinteldg.c:750:15 index 0 is o...
PT-2026-43763
In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting nregions The regions array is counted by nregions, but it's set only after accessing it: UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtd intel dg.c:750:15 index 0 is...
PT-2026-43877
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An issue exists in the rxrpc component where the rxgk extract token function lacks proper error handling. Specifically, when the rxgk decrypt skb function returns -ENOMEM indicating a memor...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: clk: zynq – Prevent null pointer dereferencing caused by kmalloc failures The kmalloc function in zynqclksetup will return null if physical memory runs out. As a result, if we use snprintf to write data to a null address, a null...
Astra Linux - уязвимость в glibc
The Name Service Cache Daemon’s nscd netgroup cache uses xmalloc or xrealloc, and these functions may terminate the process due to a memory allocation failure, resulting in a denial of service for clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrementing rereceiving on early exit paths In cases where rpcrdmapostrecvs fails to create a work request due to memory allocation failures, for example or exits early, we should decrement ep-rereceiving before...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Issue: unittest – Fix null pointer dereferencing in ofunittestfindnodebyname Description: When kmalloc fails to allocate memory in kasprintf, name or fullname will be NULL, and strcmp will cause a null pointer dereference...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: kunit: Executor: Fixed a memory leak in cases where kunitfiltertests fails. It is possible that memory allocation for the “filtered” data may fail, but the copy of the suite may still succeed. In such cases, the “copy” data might...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Driver: soc: xilinx: fixed a memory leak in xlnxaddcbfornotifyevent. The kfree function should be called when memory fails to be allocated for cbdata in xlnxaddcbfornotifyevent. Otherwise, a memory leak will occur; therefore,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btusb: Fixed a potential NULL dereferencing on a kmalloc failure. Avoid potential NULL pointer dereferences by checking the return value of kmalloc and properly handling allocation failures...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: xfrm: When freeing ipcompscratches, if it fails to allocate memory, ipcompscratches will hold an obsolete address. When attempting to free the percpu scratches using ipcompfreescratches, it attempts to vfree a non-existent vm are...
CVE-2026-44638
A flaw was found in libsixel, a SIXEL encoder/decoder implementation. An incorrect NULL check after a memory allocation call in the sixeldecoderaw and sixeldecode functions can lead to a NULL pointer dereference. This occurs when memory allocation fails, causing the process to crash and resulting...
PT-2026-41034
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel decode raw and sixel decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter...
CVE-2026-43192
A flaw was found in the Linux kernel's device-mapper multipath dm mpath subsystem. A missing cleanup operation occurs when the system fails to retrieve a SCSI device handler name due to memory allocation issues. This oversight can lead to a resource leak, where references to path devices are not...