Linux Distros Unpatched Vulnerability : CVE-2026-46162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ice: fix double free in icesfethactivate error path When auxiliarydeviceadd fails, icesfethactivate jumps to auxdevuninit and calls...

SUSE CVE-2026-46162

In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in icesfethactivate error path When auxiliarydeviceadd fails, icesfethactivate jumps to auxdevuninit and calls auxiliarydeviceuninit&sfdev-adev. The device release callback icesfdevrelease frees sfdev, but th...

arcane 操作系统命令注入漏洞

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane 1.18.1 and earlier contain a vulnerability related to operating system command injection. This vulnerability stems from the path cleaner in the GET /environments/id/volumes/volumeName/browse endpoint not...

CVE-2026-46162

A flaw was found in the Linux kernel's ice driver. An error in the icesfethactivate function's error handling path can lead to a double free of memory. This occurs when auxiliarydeviceadd fails, causing kfreesfdev to be called twice. This vulnerability could lead to memory corruption or a denial ...

CVE-2026-49237

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

CVE-2026-46162

In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in icesfethactivate error path When auxiliarydeviceadd fails, icesfethactivate jumps to auxdevuninit and calls auxiliarydeviceuninit&sfdev-adev. The device release callback icesfdevrelease frees sfdev, but th...

UBUNTU-CVE-2026-46162

In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in icesfethactivate error path When auxiliarydeviceadd fails, icesfethactivate jumps to auxdevuninit and calls auxiliarydeviceuninit&sfdev-adev. The device release callback icesfdevrelease frees sfdev, but th...

CVE-2026-46162 ice: fix double free in ice_sf_eth_activate() error path

In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in icesfethactivate error path When auxiliarydeviceadd fails, icesfethactivate jumps to auxdevuninit and calls auxiliarydeviceuninit&sfdev-adev. The device release callback icesfdevrelease frees sfdev, but th...

EUVD-2026-32789

In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in icesfethactivate error path When auxiliarydeviceadd fails, icesfethactivate jumps to auxdevuninit and calls auxiliarydeviceuninit&sfdev-adev. The device release callback icesfdevrelease frees sfdev, but th...

CVE-2026-46162

In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in icesfethactivate error path When auxiliarydeviceadd fails, icesfethactivate jumps to auxdevuninit and calls auxiliarydeviceuninitdev-adev. The device release callback icesfdevrelease frees sfdev, but the...

CVE-2026-46162

CVE-2026-46162 relates to the Linux kernel ice driver path icing the auxiliary device path in ice_sf_eth_activate(). When auxiliary_device_add() fails, the error path falls through to sf_dev_free and ends up calling kfree(sf_dev) a second time, causing a double free. The fix keeps kfree(sf_dev) f...

PT-2026-44285

In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in ice sf eth activate error path When auxiliary device add fails, ice sf eth activate jumps to aux dev uninit and calls auxiliary device uninit&sf dev-adev. The device release callback ice sf dev release fre...

CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

CVE-2026-41069

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...

CVE-2026-41069

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: clk: microchip: Fixed a potential UAF in the auxdev release callback. Similar to commit 1c11289b34ab “peci: cpu: Fixed a use-after-free in adevrelease”, the auxiliary device is not removed in the correct order. If...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fixed an use-after-free issue in the addadev function. If the auxiliarydeviceadd function fails, addadev jumps to addfail and calls auxiliarydeviceuninitadev. The auxiliary device has its release callback set to...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: perf/core: Abrupt exit if the requested AUX area is out of bounds. When using perf-record with a large AUX area, for example 4GB, the following error occurs: bash perf record -C 0 -m ,4G -e armspe0// -- sleep 1 Failed to mmap wit...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed a possible memory leak in bnxtrdmaauxdeviceinit. If ulp = kzalloc fails, the allocated edev will leak because it is not properly assigned, and the cleanup mechanism will not be able to free it. This issue was fixed ...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: A double-free operation occurs during error handling of the gpauxbusprobe function. When the auxiliarydeviceadd function returns an error, it then calls auxiliarydeviceuninit. The callback function...