CVE-2026-45914

A flaw was found in the Linux kernel's hwmon: ibmpex driver. A race condition exists where a userspace process reading a sensor file can attempt to access freed memory if it races with a device deletion operation. This use-after-free vulnerability could allow a local attacker to cause a system...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fixed the issue of double module refcount decrementation. Once the discipline is associated with the device, deleting the device will cause the module’s refcount to be decreased. Performing this operation manually alon...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net/tunnel: Wait until all skuserdata readers complete their operations before releasing the sock. There is a race condition in vxlan where, when deleting a vxlan device during packet reception, there is a possibility that the so...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: exfat: fixed the missing shutdown check. The xfstests generic/730 test failed because, after deleting a device that still contained dirty data, the file could still be read without returning an error. The reason is the missing...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Drivers: Base: Resources are freed when a device is unregistered. In the current code, the devresreleaseall function is only called if the device has a bus and has been probed. This leads to issues when using devices that lack a...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubifreevolume It willl cause null-ptr-deref in the following case: uifinit ubiaddvolume cdevadd - if it fails, call killvolumes deviceregister killvolumes - if ubiaddvolume fails call this...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ibdelsubdeviceandput Since nldevdeldev introduced by commit 060c642b2ab8 "RDMA/nldev: Add support to add/delete a sub IB device through netlink" grabs a reference using ibdevicegetbyindex...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006983)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006983 advisory. In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxlguestinitafu|adapter If deviceregister fails in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013105)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013105 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006573)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006573 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resources when unregistering a device In the current code,...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006792)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006792 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device...

CVE-2025-71157

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ibdelsubdeviceandput Since nldevdeldev introduced by commit 060c642b2ab8 "RDMA/nldev: Add support to add/delete a sub IB device through netlink" grabs a reference using ibdevicegetbyindex...

SUSE CVE-2023-54291

In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vdusevdpasetvqaffinity callback can be called with NULL value as cpumask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of...

CVE-2023-54291 vduse: fix NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vdusevdpasetvqaffinity callback can be called with NULL value as cpumask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992201)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992201 advisory. In the Linux kernel, the following vulnerability has been resolved: net/tunnel: wait until all skuserdata reader finish before releasing the sock There is a race...

PT-2025-53164

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s UBI Unsorted Block Images module where a null pointer dereference can occur within the ubi free volume function. This issue arises during device...

DEBIAN-CVE-2022-50618

In the Linux kernel, the following vulnerability has been resolved: mmc: meson-gx: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmcallochost is leaked. 2. In the remove path, mmcremovehost...

UBUNTU-CVE-2022-50568

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix fhidg lifetime vs cdev The embedded struct cdev does not have its lifetime correctly tied to the enclosing struct fhidg, so there is a use-after-free if /dev/hidgN is held open while the gadget is deleted...

SUSE CVE-2023-53596

In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resources when unregistering a device In the current code, devresreleaseall only gets called if the device has a bus and has been probed. This leads to issues when using bus-less or driver-less devices...

CVE-2023-53596

In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resources when unregistering a device In the current code, devresreleaseall only gets called if the device has a bus and has been probed. This leads to issues when using bus-less or driver-less devices...