CLSA-2026-1778492595 libxml2: Fix of CVE-2022-49043

CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode by deferring xmlFreeURI until after the error path has consumed the value...

EUVD-2026-28685

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smblazyparentleasebreakclose opinfo pointer obtained via rcudereferencefp-fopinfo is being accessed after rcureadunlock has been called. This creates a race condition where the memory could be freed b...

UBUNTU-CVE-2026-43295

In the Linux kernel, the following vulnerability has been resolved: rapidio: replace riofreenet with kfree in rioscanallocnet When idtab allocation fails, net is not registered with rioaddnet yet, so kfreenet is sufficient to release the memory. Set mport-net to NULL to avoid dangling pointer...

CVE-2026-43217

A flaw was found in the Linux kernel's media: iris: gen2 component. When a session is stopped, a memory deallocation occurs. If a subsequent streaming stop operation is initiated without proper validation, it attempts to access already freed memory. This can be triggered by a local attacker or a...

CVE-2026-43149

A flaw was found in the Linux kernel's fslucchdlc module. The uhdlcmemclean function incorrectly deallocates memory by calling dmafreecoherent twice for buffers that were allocated as a single contiguous block. This improper memory handling may lead to a denial of service DoS or other unpredictab...

CVE-2026-43104

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix a memory leak in hang state error path When vc4savehangstate encounters an early return condition, it returns without freeing the previously allocated kernelstate, leaking memory. Add the missing kfree calls by...

CVE-2026-43091

The CVE-2026-43091 vulnerability affects the Linux kernel xfrm policy handling during netns exit. The root cause is that xfrm_policy_fini() frees the policy_bydst hash tables after flushing work items and deleting policies, but does not wait for concurrent RCU readers to exit read-side critical s...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility that the xen9pfsfrontfree function may be called concurrently, leading to double...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a double deallocation in the prussclkmuxsetup function within the soc ti pruss code...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of a global hash table in the nfnetlinkqueue module. This vulnerability may lead to reuse...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which arises from the failure of irdmareregmrtrans and the subsequent failure to set iwmr-region to NULL, potentially...

kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In iscsitdecsessionusagecount, the function calls complete while holding the sess-sessionusagelock. Similar to the connection usage count logic, the waiter...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from double deallocation in incorrect paths, potentially leading to memory corruption...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a possible double deallocation of cctx-remoteheap in the fastrpc mechanism, potentially leading t...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the VMA segmentation in the xen privcmd driver, leading to double deallocation and potentially...

kernel: scsi: qla2xxx: Fix improper freeing of purex item

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may return a...

CVE-2026-31661

A flaw was found in the Linux kernel's brcmsmac Wi-Fi driver. This vulnerability arises from an incorrect size used during memory deallocation dmafreecoherent that does not match the size allocated dmaallocconsistent, which may be adjusted for alignment. An attacker could potentially exploit this...

CVE-2026-31653

Summary : CVE-2026-31653 impacts the Linux kernel DAMON subsystem (DAMON_SYSFS). When a monitored process terminates before damon_call() runs, a dynamically allocated repeat_call_control is not deallocated, causing a memory leak. The connected sources document the root cause and confirm the fix: ...

CVE-2026-31652 mm/damon/stat: deallocate damon_call() failure leaking damon_ctx

In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damoncall failure leaking damonctx damonstatstart always allocates the module's damonctx object damonstatcontext. Meanwhile, if damoncall in the function fails, the damonctx object is not deallocated...

EUVD-2026-24863

In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ctx after free On admin queue completion handling, if the admin command completed with error we print data from the completion context. The issue is that we already freed the completion context in...