176 matches found
CVE-2026-53067
A flaw was found in the Linux kernel's PCI Peripheral Component Interconnect endpoint Message Signaled Interrupts MSI doorbell allocation. When MSI allocation fails, the system may attempt to free already freed memory, leading to a double-free vulnerability. This issue can result in memory...
EUVD-2026-38935
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-ep-msi: Fix error unwind and prevent double alloc pciepfallocdoorbell stores the allocated doorbell message array in epf-dbmsg/epf-numdb before requesting MSI vectors. If MSI allocation fails, the array is free...
CVE-2026-53067
In the Linux kernel PCI endpoint code, the issue was in pci_epf_alloc_doorbell(): it stored the allocated doorbell message array in epf->db_msg/epf->num_db before requesting MSI vectors. If MSI allocation failed, the array was freed but EPF state could still reference freed memory. The fix ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Misc: pciendpointtest: Fixed the panic that occurs when calling pciendpointtestcopy,write,read The dmamapsingle function does not allow zero-length mappings. This causes a panic. A panic was reported on the arm64 architecture:...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint: Fixed error handling in vpciscanbus Smatch complains about inconsistent NULL checking in vpciscanbus: drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpciscanbus error: We previously assumed that ‘vpcibus’ could...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: PCI: Endpoint: pci-epf-vntb: Stop cmdhandler work in epfntbepccleanup Disable the delayed work before clearing BAR mappings and doorbells to avoid running the handler after resources have been torn down. Unable to handle kerne...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: “misc: pciendpointtest”: Fixed an array underflow in pciendpointtestioctl. The commit eefb83790a0d “misc: pciendpointtest: Add doorbell test case” added NOBAR -1 to the pcibarno enum. In practical terms, this changes the enum...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint – Fix for misused goto labels. A misused goto label jump can lead to a memory leak. This issue has been addressed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint: pci-epf-vntb: Remove duplicate resource teardown The epfntbepcdestroy function duplicates the teardown that the caller is supposed to perform later. This leads to an error when .allowlink fails, or when .droplink i...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint – Avoid creating sub-groups asynchronously Asynchronous creation of sub-groups by a delayed operation could lead to a NULL pointer dereference when the driver directory is removed before the operation completes. The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmetreqinit fails The issue arises when nvmetreqinit calls nvmetreqcomplete internally in case of failures, such as when an unsupported opcode is encountered. This triggers the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint – Fix for handling the configfs group list head The use of listdel on the epfgroup field of struct pciepfdriver in pciepfremovecfs is incorrect. This field is a list head, not a list entry. This listdel call trigger...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint: pci-epf-test: Add a NULL check for DMA channels before releasing them. The fields dmachantx and dmachanrx of the struct pciepftest can be NULL even after EPF initialization. Therefore, it is prudent to check that...
SUSE CVE-2025-71313
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for allocworkqueue allocworkqueue can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queuework is later called with...
CVE-2025-71313
A flaw was found in the Linux kernel's PCI endpoint driver. A missing NULL check for the allocworkqueue function can lead to a NULL pointer dereference if memory allocation fails. This vulnerability, specifically within the epfntbepcinit function, allows a local attacker to cause a system crash,...
CVE-2025-71313
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for allocworkqueue allocworkqueue can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queuework is later called with...
CVE-2025-71313 PCI: endpoint: Add missing NULL check for alloc_workqueue()
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for allocworkqueue allocworkqueue can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queuework is later called with...
EUVD-2025-210056
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for allocworkqueue allocworkqueue can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queuework is later called with...
PT-2026-45984
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference can occur in the PCI endpoint component. The function alloc workqueue may return NULL during a memory allocation failure. If this return value is not properly...
Linux Distros Unpatched Vulnerability : CVE-2025-71313
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PCI: endpoint: Add missing NULL check for allocworkqueue allocworkqueue can return NULL on memory allocation failure. Without proper error checking, this may le...