UBUNTU-CVE-2026-45875

In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Fix regulator resource leak on wm5102clearwritesequencer failure The wm5102clearwritesequencer helper may return an error and just return, bypassing the cleanup sequence and causing regulators to remain enabled,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: dma: fixed a memory leak that occurred during the mt76dmatxcleanup routine. Fixed the memory leak caused by unregistering devices, and ensured that all configured rx queues are always cleaned up during the...

UBUNTU-CVE-2026-43395

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xesyncentryparse can allocate references syncobj, fence, chain fence, or user fence before hitting a later failure path. Several of those paths returned directly,...

CVE-2026-33623 PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a...

CVE-2026-33623 PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a...

GHSA-P8MM-644P-PHMH PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution

Summary PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a needle derived from the profile path. In v0.8.4, that string interpolation escapes...

CVE-2022-50885

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxeqpdocleanup when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxeqpdocleanup+0x2f3/0x360 rdmarxe Read of size 8 at addr 000000000000001...

CVE-2022-50885 RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxeqpdocleanup when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxeqpdocleanup+0x2f3/0x360 rdmarxe Read of size 8 at addr 000000000000001...

CVE-2022-50671 RDMA/rxe: Fix "kernel NULL pointer dereference" error

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix "kernel NULL pointer dereference" error When rxequeueinit in the function rxeqpinitreq fails, both qp-req.task.func and qp-req.task.arg are not initialized. Because of creation of qp fails, the function rxecreateqp...

EUVD-2023-59898

Malicious code in bioql PyPI...

DEBIAN-CVE-2025-39811

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: Clear the scratchpt pointer on error Avoid triggering a dereference of an error pointer on cleanup in xevmfreescratch by clearing any scratchpt error pointer. cherry picked from commit...

DEBIAN-CVE-2025-39705

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a Null pointer dereference vulnerability Why A null pointer dereference vulnerability exists in the AMD display driver's DC module cleanup function dcdestruct. When display control context dc-ctx construction...

UBUNTU-CVE-2025-38544

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision When userspace is using AFRXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will be used to thread related recvmsg and sendmsg together. The...

CVE-2025-37878 perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARNON!ctx in freeevent for partial init Move the getctxchildctx call and the childevent-ctx assignment to occur immediately after the child event is allocated. Ensure that childevent-ctx is non-NULL before any...

CVE-2025-37878 perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARNON!ctx in freeevent for partial init Move the getctxchildctx call and the childevent-ctx assignment to occur immediately after the child event is allocated. Ensure that childevent-ctx is non-NULL before any...

CVE-2022-49398

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Replace listforeachentrysafe if using giveback The listforeachentrysafe macro saves the current item n and the item after n+1, so that n can be safely removed without corrupting the list. However, when traversi...

CVE-2022-49059

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flushworkqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed mechanism timer and...

CVE-2022-49398

CVE-2022-49398 relates to the Linux kernel’s USB DWC3 gadget path. The vulnerability arises when traversing the cancelled_list during dwc3_gadget_ep_cleanup_cancelled_requests() while a pull-up disable sequence runs in parallel, causing a window where removing an item (n) and then the next item (...

CVE-2022-49059 nfc: nci: add flush_workqueue to prevent uaf

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flushworkqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed mechanism timer and...

UBUNTU-CVE-2021-46979

In the Linux kernel, the following vulnerability has been resolved: iio: core: fix ioctl handlers removal Currently ioctl handlers are removed twice. For the first time during iiodeviceunregister then later on inside iiodeviceunregistereventset and iiobuffersfreesysfsandmask. Double free leads to...