PT-2026-34956

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A device leak exists in the rtw88 wifi driver. The driver takes a reference to the USB device during the probe process but fails to release it when certain probe errors occur, such as...

PT-2026-34972

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the ALSA usx2y driver for the TASCAM US-144MKII device. A malicious USB device can provide a configuration containing bInterfaceNumber=1 without an...

CVE-2025-13763

CVE-2025-13763 affects OpenSC's libopensc with multiple uses of uninitialized variables, potentially allowing information disclosure or application crash. The issue requires a crafted USB device or smart card that supplies specially crafted APDUs. Reports indicate Red Hat and Fedora/OpenSUSE advi...

CLSA-2026-1776940444 perl-XML-Parser: Fix of CVE-2006-10003

CVE-2006-10003: fix off-by-one heap buffer overflow in stserialstack growth check in Expat/Expat.xs startElement; also backport upstream follow-up 2abd177 to initialize stserialstacksize=1024 after allocation...

freerdp: FreeRDP heap-use-after-free

A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...

CVE-2026-31485

A flaw was found in the spi-fsl-lpspi driver within the Linux kernel. This vulnerability, identified as a Use-After-Free UAF issue, stems from a teardown order problem during the unregistration of the Serial Peripheral Interface SPI controller. When a running SPI transfer attempts to access...

CVE-2026-31487

A flaw was found in the Linux kernel, specifically within its Serial Peripheral Interface SPI subsystem. This vulnerability arises from improper handling of memory when a driver is being attached, leading to a use-after-free UAF condition. A UAF vulnerability is a type of memory corruption that c...

EUVD-2026-24853

In the Linux kernel, the following vulnerability has been resolved: spi: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause ...

CVE-2026-31489

In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path mesonspiccprobe registers the controller with devmspiregistercontroller, so teardown already drops the controller reference via devm cleanup. Calling spicontrollerput again in...

CVE-2026-31489

In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path mesonspiccprobe registers the controller with devmspiregistercontroller, so teardown already drops the controller reference via devm cleanup. Calling spicontrollerput again in...

freerdp: FreeRDP heap-use-after-free

A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...

freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface

A heap buffer overflow has been discovered in FreeRDP. The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface...

freerdp: FreeRDP heap-use-after-free

A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the SPI subsystem not using the general driveroverride infrastructure. This vulnerability may lea...

PT-2026-34394

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-put issue exists in the remove path of the meson-spicc SPI driver. The meson spicc probe function registers the controller using devm spi register controller, which ensures the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013764)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013764 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: idmouse: fix an uninit-value in idmouseopen In idmousecreateimage, if any ftipcommand fails,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013836)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013836 advisory. In the Linux kernel, the following vulnerability has been resolved: igb: Fix igbdown hung on surprise removal In a setup where a Thunderbolt hub connects to Ethernet...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013576)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013576 advisory. In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by dosubmiturb There are UAF bugs caused by...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013559)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013559 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: Fix several use-after-free bugs Several types of UAFs can occur when physically...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013510)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013510 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port-pm on port specific driver unbind When we unbind a serial port hardware...