136 matches found
CVE-2026-31689
In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edacmcalloc When the mci-pvtinfo allocation in edacmcalloc fails, the error path will call putdevice which will end up calling the device's release function. However, the init ordering is wrong...
CVE-2026-31689 EDAC/mc: Fix error path ordering in edac_mc_alloc()
In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edacmcalloc When the mci-pvtinfo allocation in edacmcalloc fails, the error path will call putdevice which will end up calling the device's release function. However, the init ordering is wrong...
CVE-2026-31689
The CVE-2026-31689 issue affects the Linux kernel EDAC/mc path: edac_mc_alloc() may call put_device() during an error path before device_init completes, causing a kobject initialization/cleanup hazard and in-kernel MCE decoding symptoms. The fix reorders the initialization so the device (and its ...
PT-2026-35495
In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edac mc alloc When the mci-pvt info allocation in edac mc alloc fails, the error path will call put device which will end up calling the device's release function. However, the init ordering is...
CVE-2026-31621
A flaw was found in the Linux kernel's bnge driver. When an error occurs during device initialization, the driver fails to return after deallocating a device, leading to a null pointer dereference. This can cause system instability or a crash, resulting in a Denial of Service DoS for affected...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011305)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011305 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: vt6655: fix potential memory leak In function deviceinittd0ring, memory is allocated for...
UBUNTU-CVE-2026-23258
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...
EUVD-2026-9409
In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL pointer checks In a few places in the Classmate laptop driver, code using the accel object may run before that object's address is stored in the driver data of the input device usi...
CVE-2026-23237
CVE-2026-23237 affects the Linux kernel, specifically the platform/x86 classmate-laptop driver. The issue arises when sysfs attributes of the input device are accessed before the driver has stored the input device address, causing NULL pointer dereferences via dev_get_drvdata(&inputdev->dev) i...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000520)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000520 advisory. drivers/gpu/drm/radeon/radeondisplay.c in the Linux kernel 5.2.14 does not check the allocworkqueue return value, leading to a NULL pointer dereference. NOTE: A...
PT-2026-26118
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where the netdev pointer is not initialized before queue setup in the setup nic devices function. Specifically, the pointer to the network device...
CVE-2022-50727
Technical details for CVE-2022-50727 are not publicly provided in the supplied documents. Monitor for updates from the connected advisories and vendor/security bulletins.
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from an incomplete memory release in deviceinittd0ring, which could lead to a memory leak...
EUVD-2025-203647
In the Linux kernel, the following vulnerability has been resolved: most: usb: hdmprobe: Fix calling putdevice before device initialization The early error path in hdmprobe can jump to errfreemdev before &mdev-dev has been initialized with deviceinitialize. Calling putdevice&mdev-dev there trigge...
CVE-2025-68249
In the Linux kernel, the following vulnerability has been resolved: most: usb: hdmprobe: Fix calling putdevice before device initialization The early error path in hdmprobe can jump to errfreemdev before &mdev-dev has been initialized with deviceinitialize. Calling putdevice&mdev-dev there trigge...
CVE-2025-68249
In the Linux kernel, the following vulnerability has been resolved: most: usb: hdmprobe: Fix calling putdevice before device initialization The early error path in hdmprobe can jump to errfreemdev before &mdev-dev has been initialized with deviceinitialize. Calling putdevice&mdev-dev there trigge...
CVE-2025-68249 most: usb: hdm_probe: Fix calling put_device() before device initialization
In the Linux kernel, the following vulnerability has been resolved: most: usb: hdmprobe: Fix calling putdevice before device initialization The early error path in hdmprobe can jump to errfreemdev before &mdev-dev has been initialized with deviceinitialize. Calling putdevice&mdev-dev there trigge...
CVE-2025-68249
CVE-2025-68249 refers to a pre-initialization bug in the Linux kernel within the usb/hub driver path (hdm_probe). The error path could jump to err_free_mdev before mdev->dev is initialized, leading to a WARN when calling put_device() on an uninitialized device and potentially triggering improp...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a call to putdevice in most:usb:hdmprobe before device initialization, which may result in a kernel warning...
EUVD-2025-197985
The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials...