CVE-2026-52976

A flaw was found in the Linux kernel. Specifically, within the drm/xe graphics driver, two error handling issues in the xeexecqueuecreateioctl function could lead to memory corruption. This could result in a dangling pointer or a use-after-free vulnerability. A local attacker could potentially...

CVE-2026-52976

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix error cleanup in xeexecqueuecreateioctl Two error handling issues exist in xeexecqueuecreateioctl: 1. When xehwenginegroupaddexecqueue fails, the error path jumps to putexecqueue which skips xeexecqueuekill. If the VM...

UAF after pause in socket callback

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

EUVD-2026-38726

In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: The initialization of the dangling pointer that occurs in vsk-trans During loopback communication, a dangling pointer can be created in vsk-trans, potentially leading to a Use-After-Free condition. This issue is...

Astra Linux – Vulnerability in Linux, Linux 5.10

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling ‘file’ pointer...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/nouveau: prime: fix ttmbodelayeddelete oops Fixed an oops in ttmbodelayeddelete that occurs due to a dangling pointer being referenced: Oops: General Protection Fault, likely for a non-canonical address 0x6b6b6b6b6b6b6b7b:...

Astra Linux – Vulnerability in NBD

In nbd-server in nbd before 3.24, there is an integer overflow that leads to a heap-based buffer overflow. A value of 0xffffffff in the name length field causes a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue occurs for the NBDOPTINFO,...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Fixed a slab-use-after-free issue caused by a dangling pointer dqipriv. When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses the syscall to call ocfs2getnextid...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: afpacket: Avoid errors after sockinitdata in packetcreate. After sockinitdata, the allocated sk object is attached to the provided sock object. In case of an error, packetcreate frees the sk object, leaving a dangling pointer in...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: The clearwalkcontrol function operates on an inactive context in damoswalk. damoswalk sets ctx-walkcontrol to the control structure provided by the caller before checking whether the context is running. If the...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Cleaning up a dangling pointer on the bind error path The mtkdrmBind function may fail, in which case drmdevPut is called, destroying the drmdevice object. However, a pointer to that object was still being held by t...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: gve: Clearing napi-skb before devkfreeskbany In gverxfreeskb, napi-skb is incorrectly left referencing an skb after it is freed using devkfreeskbany. This can result in a subsequent call to napigetfrags returning a dangling...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: xfs: Do not perform irele after failing to perform iget in xfsattrirecoverwork. xlogrecoveryiget never sets @ip to a valid pointer if it returns an error; therefore, this irele will cause a dangling pointer. This issue has bee...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer. When hvs is released, there is a possibility that vsk-trans might not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by...

Astra Linux – Vulnerability in Linux

A vulnerability was discovered in the Linux kernel, where the function sunkbdreinit was executed after sunkbdinterrupt had been called, even before sunkbd was freed. Although the dangling pointer is set to NULL in sunkbddisconnect, there is still an alias in sunkbdreinit that leads to a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: afcan – Do not leave a dangling sk pointer in cancreate. When the cancreate function fails, it releases the allocated sk object. However, sockinitdata has already attached this object to the provided sock object. This will...

EUVD-2026-38004

A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decodemove function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this by...

CVE-2026-9158

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory use-after-free...

EUVD-2026-37896

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory use-after-free...