1296 matches found
CVE-2026-55771
CVE-2026-55771 affects CedarJava prior to 4.9.0, where EntityIdentifier.equals() has inverted null/self-reference checks, causing incorrect equality results in custom integrations. The bug does not alter Cedar’s authorization decisions (computed in Rust from JSON) but could affect external code p...
PT-2026-57856
Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 4.9.0 Description The EntityIdentifier.equals function contains inverted logic for null and self-reference checks. This causes the method to return true for null comparisons and false for self-comparisons, leading t...
CVE-2026-61857 ImageMagick before 7.1.2-26 Heap Use-After-Free via XMP
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...
CVE-2026-53350
The CVE-2026-53350 fix applies to the Linux kernel ASoC wm_adsp component. The vulnerability was a NULL dereference in wm_adsp_control_remove() when cleaning up private control data cs_ctl->priv. The patch ensures priv is non-NULL before cleanup. Two scenarios avoid creating private data: SYST...
EUVD-2026-40972
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...
CVE-2026-53338
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...
DEBIAN-CVE-2026-53315
In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in rascoregetutcsecondtimestamp rascoregetutcsecondtimestamp retrieves the current UTC timestamp in seconds since the Unix epoch through a platform-specific RAS system callback and is used for...
EUVD-2026-39850
In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in rascoregetutcsecondtimestamp rascoregetutcsecondtimestamp retrieves the current UTC timestamp in seconds since the Unix epoch through a platform-specific RAS system callback and is used for...
CVE-2026-53105
A flaw was found in the Linux kernel's Wi-Fi subsystem, specifically within the mt76: mt7925 driver. This vulnerability occurs due to a missing check for a NULL 'vif' Virtual Interface before it is accessed. An attacker could potentially trigger a kernel panic by exploiting scenarios where the...
CVE-2026-53213
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: fix krealloc memory leak Don't just overwrite the original pointer passed to krealloc with its return value without checking latter: MEM = kreallocMEM, SZ, GFP; If krealloc returns NULL, that erases the pointer to the...
EUVD-2026-39304
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: fix krealloc memory leak Don't just overwrite the original pointer passed to krealloc with its return value without checking latter: MEM = kreallocMEM, SZ, GFP; If krealloc returns NULL, that erases the pointer to the...
CVE-2026-53213
In the Linux kernel drm/vc4 component, CVE-2026-53213 is a memory-leak fix related to krealloc(): if krealloc() returns NULL, the original pointer may be overwritten, leaking memory. The recommended pattern is to assign krealloc() to a temporary variable, check for NULL, then update the original ...
CVE-2026-53158
The CVE-2026-53158 issue affects the Linux kernel misc: fastrpc subsystem, where a NULL pointer dereference could occur in rpmsg callback if fastrpc_rpmsg_probe() hasn’t completed or if the callback fires before dev_set_drvdata(). The fault trace points to a NULL cctx in fastrpc_channel_ctx when ...
PT-2026-52308
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the drm/vc4 component. The issue occurs when the krealloc function is used to resize a memory block and its return value is assigned directly to the original...
PT-2026-52366
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL-dereference issue exists in the ksmbd module. The functions smb2 oplock break noti and smb2 lease break noti read the opinfo-conn variable without using READ ONCE or performing a...
PT-2026-52332
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs during the suspend and resume processes in the mvebu GPIO driver. The functions mvebu pwm suspend and mvebu pwm resume are executed for all GPIO banks;...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btusb: mediatek – Fixed a kernel crash that occurred when releasing the mtk iso interface. When performing reset tests and encountering abnormal card drop issues that lead to a kernel crash, it is necessary to perfo...
PT-2026-51731
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the BPF Berkeley Packet Filter subsystem. The function bpf selem unlink nofail sets the smap variable to NULL before removing the element from the...
EUVD-2026-37190
In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0156
In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...