43518 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53278
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - armmpam: Check whether the config array is allocated before destroying it destroycomponentcfg is called to free the configuration array. It uses the embedded...
CVE-2026-10648
mcumgrserialprocessfrag in subsys/mgmt/mcumgr/transport/src/serialutil.c calls netbufreset on the result of smppacketalloc before checking it for NULL. smppacketalloc uses netbufallocKNOWAIT against the shared MCUmgr packet pool CONFIGMCUMGRTRANSPORTNETBUFCOUNT, default 4, which returns NULL when...
CVE-2026-10648 NULL-pointer dereference in MCUmgr serial/console SMP transport on buffer-pool exhaustion
mcumgrserialprocessfrag in subsys/mgmt/mcumgr/transport/src/serialutil.c calls netbufreset on the result of smppacketalloc before checking it for NULL. smppacketalloc uses netbufallocKNOWAIT against the shared MCUmgr packet pool CONFIGMCUMGRTRANSPORTNETBUFCOUNT, default 4, which returns NULL when...
CVE-2026-53204
In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL deref on rsusendmsg timeout in probe rsusendmsg can return -ETIMEDOUT when waitforcompletioninterruptibletimeout fires while the SMC call is still pending. In stratix10rsuprobe, the error paths f...
CVE-2026-53299
A flaw was found in the Linux kernel, specifically within the airoha network driver. This vulnerability arises from an issue where a variable ndesc is initialized too early in the airohaqdmainittxqueue routine. If a queue entry list allocation fails, this premature initialization can lead to a NU...
CVE-2026-53301
A flaw was found in the Linux kernel. Missing reset operations can lead to a null pointer dereference, which may cause system instability or a denial of service DoS. This vulnerability occurs when the system attempts to use uninitialized reset operations, resulting in an unexpected system state...
CVE-2026-53289
A flaw was found in the Linux kernel's ice network driver. This vulnerability allows a local attacker to trigger a NULL pointer dereference by initiating an NVM Non-Volatile Memory firmware update while the driver is in a transitional state. This can lead to a kernel crash, resulting in a Denial ...
CVE-2026-53280
A flaw was found in the Linux kernel's Input-Output Memory Management Unit IOMMU component. This vulnerability occurs when a default IOMMU domain fails to allocate during the initial probe, leading to a NULL pointer dereference. This can cause a system crash, resulting in a Denial of Service DoS...
CVE-2026-53325
In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agpamd64probe A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment e.g. qemu/kvm without a physical AMD northbridge. The crash occurs...
UBUNTU-CVE-2026-53325
In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agpamd64probe A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment e.g. qemu/kvm without a physical AMD northbridge. The crash occurs...
libxslt: use-after-free with key data stored cross-RVT
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...
PT-2026-53755
Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description An issue exists where the mcumgr serial process frag function in subsys/mgmt/mcumgr/transport/src/serial util.c calls net buf reset on the result of smp packet alloc without first verifying if the result is NUL...
Linux Distros Unpatched Vulnerability : CVE-2026-57434
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on...
CVE-2026-10593
The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...
SUSE CVE-2026-53297
In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard manaremove against double invocation If PM resume fails e.g., manaattach returns an error, manaprobe calls manaremove, which tears down the device and sets gd-gdmacontext = NULL and gd-driverdata = NULL. However,...
SUSE CVE-2026-53301
In the Linux kernel, the following vulnerability has been resolved: reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet...
Linux Distros Unpatched Vulnerability : CVE-2026-53135
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs Why & How dpsdpmessagedebugfswrite dereferences connector-base.state-crtc without checking f...
Linux Distros Unpatched Vulnerability : CVE-2026-53289
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM...
Linux Distros Unpatched Vulnerability : CVE-2026-52951
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/dma-buf: handle empty bo and UAF races There look to be some nasty races here when triggering the invalidatemappings hook: 1 We do xeboalloc followed by...
Linux Distros Unpatched Vulnerability : CVE-2026-53105
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7925: prevent NULL vif dereference in mt7925macwritetxwi Check for a NULL vif before accessing ieee80211vifismldvif to avoid a potential kernel...