CVE-2026-45877 HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtpbusremoveallclients During a warm reset flow, the cl-device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl-device-referencecount witho...

CVE-2026-45874 phy: freescale: imx8qm-hsio: fix NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: phy: freescale: imx8qm-hsio: fix NULL pointer dereference During the probe the refclkpad pointer is set to NULL if the 'fsl,refclk-pad-mode' property is not defined in the devicetree node. But in imxhsioconfigureclkpad this point...

CVE-2026-45874

CVE-2026-45874 affects the Linux kernel component under the phosphate path for Freescale IMX8QM HSIO. The issue arises when the devicetree provides no fsl,refclk-pad-mode; during probe, refclk_pad is set to NULL, and imx_hsio_configure_clk_pad() uses this pointer unconditionally, risking a NULL p...

CVE-2026-45874

In the Linux kernel, the following vulnerability has been resolved: phy: freescale: imx8qm-hsio: fix NULL pointer dereference During the probe the refclkpad pointer is set to NULL if the 'fsl,refclk-pad-mode' property is not defined in the devicetree node. But in imxhsioconfigureclkpad this point...

CVE-2026-45869

In the Linux kernel, the following vulnerability has been resolved: power: supply: wm97xx: Fix NULL pointer dereference in powersupplychanged In probe, requestirq is called before allocating/registering a powersupply handle. If an interrupt is fired between the call to requestirq and...

CVE-2026-45869 power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()

In the Linux kernel, the following vulnerability has been resolved: power: supply: wm97xx: Fix NULL pointer dereference in powersupplychanged In probe, requestirq is called before allocating/registering a powersupply handle. If an interrupt is fired between the call to requestirq and...

CVE-2026-45869

CVE-2026-45869 affects the Linux kernel wm97xx power supply driver. A race between request_irq() and power_supply_register() can cause a NULL pointer dereference in power_supply_changed() if an interrupt fires before the power_supply handle is registered. Fix: ensure the IRQ is requested after re...

CVE-2026-45857

In the Linux kernel, the following vulnerability has been resolved: scsi: csiostor: Fix dereference of null pointer rn The error exit path when rn is NULL ends up deferencing the null pointer rn via the use of the macro CSIOINCSTATS. Fix this by adding a new error return path label after the use ...

CVE-2026-45857 scsi: csiostor: Fix dereference of null pointer rn

In the Linux kernel, the following vulnerability has been resolved: scsi: csiostor: Fix dereference of null pointer rn The error exit path when rn is NULL ends up deferencing the null pointer rn via the use of the macro CSIOINCSTATS. Fix this by adding a new error return path label after the use ...

CVE-2026-45857

The CVE-2026-45857 issue affects the Linux kernel, specifically the SCSI subsystem in the csiostor path. The root cause is a NULL pointer dereference of rn in the error exit path, caused by the use of CSIO_INC_STATS after rn may be NULL. A fix was introduced that adds a dedicated error-return pat...

CVE-2026-45848 apparmor: fix NULL sock in aa_sock_file_perm

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL sock in aasockfileperm Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops. The fix for NULL pointer dereference in unixneedsrevalidation shows...

CVE-2025-71308

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aiedestroycontext is invoked during error handling in aie2createcontext. However, aiedestroycontext assumes that the context's mailbox channel pointer is...

CVE-2025-71308 accel/amdxdna: Fix potential NULL pointer dereference in context cleanup

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aiedestroycontext is invoked during error handling in aie2createcontext. However, aiedestroycontext assumes that the context's mailbox channel pointer is...

CVE-2025-71308

CVE-2025-71308 affects the Linux kernel accel/amdxdna module. The vulnerability arises when error handling in aie2_create_context() calls aie_destroy_context() with a NULL mailbox channel pointer, causing a potential NULL pointer dereference and system crash. The fix replaces the call to aie_dest...

CVE-2025-71307

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthorfwunplug This patch removes the MCU halt and wait for halt procedures during panthorfwunplug as the MCU can be in a variety of states or the FW may not even be loaded/initialize...

CVE-2025-71307 drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthorfwunplug This patch removes the MCU halt and wait for halt procedures during panthorfwunplug as the MCU can be in a variety of states or the FW may not even be loaded/initialize...

CVE-2025-71307

In the Linux kernel drm/panthor driver, CVE-2025-71307 is a NULL pointer dereference that occurred in panthor_fw_unplug when the MCU could be in various states or the FW was not loaded/initialized. The fix removes the MCU halt-and-wait during unplug, since waiting for halt may be unsafe if the MC...

CVE-2026-45846

In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudpfillmetadatadst bareudpfillmetadatadst passes bareudp-sock to udptunnel6dstlookup in the IPv6 path without a NULL check. The socket is only created in bareudpopen and NULLed in...

CVE-2026-45845

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTMDELQDISC, tapriograft is called with new == NULL and stores NULL into q-qdiscscl - 1. Subsequent RTMGETTCLASS dump operatio...

CVE-2026-45842

In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...