63049 matches found
UBUNTU-CVE-2026-45846
In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudpfillmetadatadst bareudpfillmetadatadst passes bareudp-sock to udptunnel6dstlookup in the IPv6 path without a NULL check. The socket is only created in bareudpopen and NULLed in...
UBUNTU-CVE-2026-45842
In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...
UBUNTU-CVE-2026-45845
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTMDELQDISC, tapriograft is called with new == NULL and stores NULL into q-qdiscscl - 1. Subsequent RTMGETTCLASS dump operatio...
SUSE CVE-2026-48829
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...
CVE-2026-45846
In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudpfillmetadatadst bareudpfillmetadatadst passes bareudp-sock to udptunnel6dstlookup in the IPv6 path without a NULL check. The socket is only created in bareudpopen and NULLed in...
CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()
In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudpfillmetadatadst bareudpfillmetadatadst passes bareudp-sock to udptunnel6dstlookup in the IPv6 path without a NULL check. The socket is only created in bareudpopen and NULLed in...
CVE-2026-45846
CVE-2026-45846 affects the Linux kernel bareudp code path. The vulnerability arises in bareudp_fill_metadata_dst(), which passes bareudp->sock to udp_tunnel6_dst_lookup() in the IPv6 path without a NULL check. If the bareudp device is down (socket not created or already NULLed in bareudp_stop)...
CVE-2026-45846
In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudpfillmetadatadst bareudpfillmetadatadst passes bareudp-sock to udptunnel6dstlookup in the IPv6 path without a NULL check. The socket is only created in bareudpopen and NULLed in...
EUVD-2026-32172
In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudpfillmetadatadst bareudpfillmetadatadst passes bareudp-sock to udptunnel6dstlookup in the IPv6 path without a NULL check. The socket is only created in bareudpopen and NULLed in...
CVE-2026-45845
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTMDELQDISC, tapriograft is called with new == NULL and stores NULL into q-qdiscscl - 1. Subsequent RTMGETTCLASS dump operatio...
CVE-2026-45845
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTMDELQDISC, tapriograft is called with new == NULL and stores NULL into q-qdiscscl - 1. Subsequent RTMGETTCLASS dump operatio...
EUVD-2026-32171
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTMDELQDISC, tapriograft is called with new == NULL and stores NULL into q-qdiscscl - 1. Subsequent RTMGETTCLASS dump operatio...
CVE-2026-45845 net/sched: taprio: fix NULL pointer dereference in class dump
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTMDELQDISC, tapriograft is called with new == NULL and stores NULL into q-qdiscscl - 1. Subsequent RTMGETTCLASS dump operatio...
CVE-2026-45845
The CVE-2026-45845 issue affects the Linux kernel net/sched taprio code. When deleting a TAPRIO child qdisc via RTM_DELQDISC, taprio_graft() could store NULL in q->qdiscs[] and later RTM_GETTCLASS dump paths could dereference a NULL pointer during taprio_dump_class(), causing a kernel NULL poi...
CVE-2026-45842
In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...
CVE-2026-45842
CVE-2026-45842 concerns the Linux kernel slip module. When rslots are configured to 0 (no receive compression), the code may allocate a NULL rstate and set rslot_limit to 0. The receive path does not guard against this, causing slhc_uncompress() to dereference comp->rstate[x] if the VJ header ...
SUSE CVE-2024-43822
In the Linux kernel, the following vulnerability has been resolved: ASoc: PCM6240: Return directly after a failed devmkzalloc in pcmdevicei2cprobe The value “-ENOMEM” was assigned to the local variable “ret” in one if branch after a devmkzalloc call failed at the beginning. This error code will...
SUSE CVE-2026-45834
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockstatechangecb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...
SUSE CVE-2026-45835
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsocknewconnectioncb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...
SUSE CVE-2026-45836
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockgetsndtimeocb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...