UBUNTU-CVE-2026-46079

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when deviceadddisk fails dorbdadd publishes the device with deviceadd before calling deviceadddisk. If deviceadddisk fails after deviceadd succeeds, the error path calls rbdfreedisk directly and then later...

CVE-2026-46079

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when deviceadddisk fails dorbdadd publishes the device with deviceadd before calling deviceadddisk. If deviceadddisk fails after deviceadd succeeds, the error path calls rbdfreedisk directly and then later...

PT-2026-43946

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when device add disk fails do rbd add publishes the device with device add before calling device add disk. If device add disk fails after device add succeeds, the error path calls rbd free disk directly an...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013827)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013827 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: omaphsmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore it...

SUSE CVE-2026-23096

In the Linux kernel, the following vulnerability has been resolved: uacce: fix cdev handling in the cleanup path When cdevdeviceadd fails, it internally releases the cdev memory, and if cdevdevicedel is then executed, it will cause a hang error. To fix it, we check the return value of cdevdevicea...

EUVD-2026-5446

In the Linux kernel, the following vulnerability has been resolved: uacce: fix cdev handling in the cleanup path When cdevdeviceadd fails, it internally releases the cdev memory, and if cdevdevicedel is then executed, it will cause a hang error. To fix it, we check the return value of cdevdevicea...

PT-2026-6166

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of character devices within the uacce module. Specifically, a use-after-free condition can occur during the cleanup process when...

CVE-2022-50618

CVE-2022-50618 affects the Linux kernel in the mmc subsystem for meson-gx, where mmc_add_host() return value is not checked. If it fails, allocated memory in mmc_alloc_host() leaks and, in remove path, mmc_remove_host() may operate on a not-yet-added device, causing a kernel crash via a null-dere...

PT-2025-52909

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a use-after-free UAF issue related to the management of RAID devices. The problem occurs when removing a RAID device path, potentially leading to a general...

EUVD-2022-55673

Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting XSS via the Apply Configuration error text. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

SUSE CVE-2022-50568

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix fhidg lifetime vs cdev The embedded struct cdev does not have its lifetime correctly tied to the enclosing struct fhidg, so there is a use-after-free if /dev/hidgN is held open while the gadget is deleted...

SUSE CVE-2022-50481

In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxlguestinitafu|adapter If deviceregister fails in cxlregisterafu|adapter, the device is not added, deviceunregister can not be called in the error path, otherwise it will cause a null-ptr-dere...

CVE-2023-53596

In CVE-2023-53596, the Linux kernel patch fixes a resource leak by ensuring devm resources are released on device_del() even for bus-less/driver-less devices. The current code only calls devres_release_all() when the device has a bus and has been probed, which could leave device-managed resources...

CVE-2022-50405

In the Linux kernel, the following vulnerability has been resolved: net/tunnel: wait until all skuserdata reader finish before releasing the sock There is a race condition in vxlan that when deleting a vxlan device during receiving packets, there is a possibility that the sock is released after...

SUSE CVE-2022-50244

In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxlpciinitafu|adapter If deviceregister fails in cxlpciafu|adapter, the device is not added, deviceunregister can not be called in the error path, otherwise it will cause a null-ptr-deref becau...

CVE-2025-38605 wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12kdptxgetencaptype In ath12kdptxgetencaptype, the arvif parameter is only used to retrieve the ab pointer. In vdev delete sequence the arvif-ar could become NULL and that would trigge...