76880 matches found
gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin
A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...
PT-2026-53755
Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description An issue exists where the mcumgr serial process frag function in subsys/mgmt/mcumgr/transport/src/serial util.c calls net buf reset on the result of smp packet alloc without first verifying if the result is NUL...
PT-2026-53732
Name of the Vulnerable Software and Affected Versions JavaScript::Minifier::XS versions prior to 0.16 Description A NULL pointer dereference occurs when the first meaningful token of the input is a slash. The issue resides in the JsTokenizeString function within the XS.xs file, where the regexp...
Linux Distros Unpatched Vulnerability : CVE-2026-53325
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - agp/amd64: Fix broken error propagation in agpamd64probe A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environme...
PT-2026-53209
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.1.2-1.1 Description A NULL pointer dereference occurs in the AMD64 AGP driver when operating in virtualized environments, such as qemu/kvm, that lack a physical AMD northbridge. The issue stems from broken erro...
CVE-2026-10593
The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...
CVE-2026-10593 Remotely triggerable NULL-pointer dereference in Bluetooth LE Audio BAP unicast client QoS-state handling
The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...
CVE-2026-10593
The CVE affects Zephyr’s Bluetooth LE Audio BAP unicast client. In unicast_client_ep_qos_state(), the handler writes attacker-controlled QoS fields via stream-qos with only a stream != NULL guard. stream-qos is NULL for streams codec-configured but not yet added to a unicast group, creating a win...
CVE-2026-10593
The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...
SUSE CVE-2026-53278
In the Linux kernel, the following vulnerability has been resolved: armmpam: Check whether the config array is allocated before destroying it destroycomponentcfg is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated. If...
SUSE CVE-2026-53281
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption Commit 60f030f7418d "iommu/vt-d: Avoid use of NULL after WARNONONCE" fixed a NULL pointer dereference in an unlikely situation partly. If devpasid is not found in...
SUSE CVE-2026-53289
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...
SUSE CVE-2026-53297
In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard manaremove against double invocation If PM resume fails e.g., manaattach returns an error, manaprobe calls manaremove, which tears down the device and sets gd-gdmacontext = NULL and gd-driverdata = NULL. However,...
SUSE CVE-2026-53298
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine, airohaqdmacleanup will trigger a NULL pointer dereference running...
SUSE CVE-2026-53299
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainittx If queue entry list allocation fails in airohaqdmainittxqueue routine, airohaqdmacleanuptxqueue will trigger a NULL pointer dereference accessing the queue entry...
SUSE CVE-2026-53301
In the Linux kernel, the following vulnerability has been resolved: reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet...
SUSE CVE-2026-53313
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference in dcdmubsrv error paths In dcdmubsrvlogdiagnosticdata and dcdmubsrvenabledpiatrace. Both functions check: if !dcdmubsrv || !dcdmubsrv-dmub and then call DCLOGERROR inside that block...
SUSE CVE-2026-53315
In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in rascoregetutcsecondtimestamp rascoregetutcsecondtimestamp retrieves the current UTC timestamp in seconds since the Unix epoch through a platform-specific RAS system callback and is used for...
SUSE CVE-2026-53316
In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in rascorerasinterruptdetected Fixes a NULL pointer dereference when rascore is NULL and rascore-dev is accessed in the error path. Reported by: Dan Carpenter...
SUSE CVE-2026-53318
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...