UBUNTU-CVE-2026-46079

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when deviceadddisk fails dorbdadd publishes the device with deviceadd before calling deviceadddisk. If deviceadddisk fails after deviceadd succeeds, the error path calls rbdfreedisk directly and then later...

CVE-2026-46079

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when deviceadddisk fails dorbdadd publishes the device with deviceadd before calling deviceadddisk. If deviceadddisk fails after deviceadd succeeds, the error path calls rbdfreedisk directly and then later...

PT-2026-43946

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A null-pointer dereference occurs in the rbd module when device add disk fails after device add has successfully published the device. In this scenario, the error path triggers a double...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013827)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013827 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: omaphsmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore it...

SUSE CVE-2026-23096

In the Linux kernel, the following vulnerability has been resolved: uacce: fix cdev handling in the cleanup path When cdevdeviceadd fails, it internally releases the cdev memory, and if cdevdevicedel is then executed, it will cause a hang error. To fix it, we check the return value of cdevdevicea...

EUVD-2026-5446

In the Linux kernel, the following vulnerability has been resolved: uacce: fix cdev handling in the cleanup path When cdevdeviceadd fails, it internally releases the cdev memory, and if cdevdevicedel is then executed, it will cause a hang error. To fix it, we check the return value of cdevdevicea...

PT-2026-6166

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of character devices within the uacce module. Specifically, a use-after-free condition can occur during the cleanup process when...

CVE-2022-50618

CVE-2022-50618 affects the Linux kernel in the mmc subsystem for meson-gx, where mmc_add_host() return value is not checked. If it fails, allocated memory in mmc_alloc_host() leaks and, in remove path, mmc_remove_host() may operate on a not-yet-added device, causing a kernel crash via a null-dere...

PT-2025-52909

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a use-after-free UAF issue related to the management of RAID devices. The problem occurs when removing a RAID device path, potentially leading to a general...

EUVD-2022-55673

Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting XSS via the Apply Configuration error text. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

SUSE CVE-2022-50568

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix fhidg lifetime vs cdev The embedded struct cdev does not have its lifetime correctly tied to the enclosing struct fhidg, so there is a use-after-free if /dev/hidgN is held open while the gadget is deleted...

SUSE CVE-2022-50481

In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxlguestinitafu|adapter If deviceregister fails in cxlregisterafu|adapter, the device is not added, deviceunregister can not be called in the error path, otherwise it will cause a null-ptr-dere...

CVE-2023-53596

In CVE-2023-53596, the Linux kernel patch fixes a resource leak by ensuring devm resources are released on device_del() even for bus-less/driver-less devices. The current code only calls devres_release_all() when the device has a bus and has been probed, which could leave device-managed resources...

CVE-2022-50405

In the Linux kernel, the following vulnerability has been resolved: net/tunnel: wait until all skuserdata reader finish before releasing the sock There is a race condition in vxlan that when deleting a vxlan device during receiving packets, there is a possibility that the sock is released after...

SUSE CVE-2022-50244

In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxlpciinitafu|adapter If deviceregister fails in cxlpciafu|adapter, the device is not added, deviceunregister can not be called in the error path, otherwise it will cause a null-ptr-deref becau...

CVE-2025-38605 wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12kdptxgetencaptype In ath12kdptxgetencaptype, the arvif parameter is only used to retrieve the ab pointer. In vdev delete sequence the arvif-ar could become NULL and that would trigge...