CVE-2026-45881

In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: svs: Fix memory leak in svsenabledebugwrite In svsenabledebugwrite, the buf allocated by memdupusernul is leaked if kstrtoint fails. Fix this by using freekfree to automatically free buf, eliminating the need for...

UBUNTU-CVE-2026-45925

In the Linux kernel, the following vulnerability has been resolved: thermal/of: Fix reference leak in thermalofcmlookup In thermalofcmlookup, trnp is obtained via ofparsephandle, but never released. Use the freedevicenode cleanup attribute to automatically release the node and fix the leak. rjw:...

EUVD-2026-32411

In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix devicenode leak in mcprobe ofparsephandle returns a devicenode reference that must be released with ofnodeput. The original code never freed r5corenode on any exit path, causing a memory leak. Fix this by usin...

CVE-2026-46030 EDAC/versalnet: Fix device_node leak in mc_probe()

In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix devicenode leak in mcprobe ofparsephandle returns a devicenode reference that must be released with ofnodeput. The original code never freed r5corenode on any exit path, causing a memory leak. Fix this by usin...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: frndis: The bind path has been refactored to use free. After a bind/unbind cycle, rndis-notifyreq remains stale. If a subsequent bind fails, the unified error handling mechanism attempts to free this stale request...

Exploit for Path Traversal in Xibosignage Xibo

Xibo CMS CVE-2023-33177 Vulnerability Tester !Python 3.6+...

Linux Distros Unpatched Vulnerability : CVE-2026-23426

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/logicvc: Fix device node reference leak in logicvcdrmconfigparse The logicvcdrmconfigparse function calls ofgetchildbyname to find the layers node but fails...

SUSE CVE-2026-23426

In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvcdrmconfigparse The logicvcdrmconfigparse function calls ofgetchildbyname to find the "layers" node but fails to release the reference, leading to a device node reference leak...

PT-2026-30040

In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc drm config parse The logicvc drm config parse function calls of get child by name to find the "layers" node but fails to release the reference, leading to a device node...

EUVD-2025-36984

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: facm: Refactor bind path to use free After an bind/unbind cycle, the acm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...

UBUNTU-CVE-2025-40092

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Refactor bind path to use free After an bind/unbind cycle, the ncm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...

UBUNTU-CVE-2025-40093

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fecm: Refactor bind path to use free After an bind/unbind cycle, the ecm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...

CVE-2025-40094 usb: gadget: f_acm: Refactor bind path to use __free()

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: facm: Refactor bind path to use free After an bind/unbind cycle, the acm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...

CVE-2025-40093

The CVE-2025-40093 entry concerns the Linux kernel USB gadget ECM (f_ecm) bind path. The vulnerability arises after a bind/unbind cycle where ecm->notify_req remains stale, causing a NULL pointer dereference when the system tries to free a request via ep->ops->free_request during a subse...

CVE-2025-40093 usb: gadget: f_ecm: Refactor bind path to use __free()

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fecm: Refactor bind path to use free After an bind/unbind cycle, the ecm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...

CVE-2023-53249 clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe

In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mn: fix memory leak in imx8mnclocksprobe Use devmofiomap instead of ofiomap to automatically handle the unused ioremap region. If any error occurs, regions allocated by kzalloc will leak, but using devmkzalloc...

PT-2025-20493

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the spi: fsl-qspi driver, where the use of devm APIs to manage resources and the legacy remove function cou...

SUSE CVE-2024-36890

In the Linux kernel, the following vulnerability has been resolved: mm/slab: make freekfree accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831xgpiodbgshow. 171 char label freekfree =...

UBUNTU-CVE-2024-36890

In the Linux kernel, the following vulnerability has been resolved: mm/slab: make freekfree accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831xgpiodbgshow. 171 char label freekfree =...

Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution Exploit

This Metasploit module exploits local file inclusion and log poisoning vulnerabilities CVE-2020-16152 in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS...