CVE-2026-46264

The CVE-2026-46264 entry concerns the Linux kernel component drm/xe/pf, where a cleanup action registered via devm_add_action_or_reset() could run on an uninitialized kobject. This caused use-after-free and kobject_put() errors during sysfs initialization, including underflow of refcount_t. The r...

UBUNTU-CVE-2026-43460

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove callback The driver uses devmspiregistercontroller for registration, which automatically unregisters the controller via devm cleanup when the device is removed. The manual call to...

CVE-2026-31783

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove callback amlsfcprobe registers the on-host NAND ECC engine, but teardown was missing from both probe unwind and remove-time cleanup. Add a devm cleanup...

PT-2026-36418

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove callback aml sfc probe registers the on-host NAND ECC engine, but teardown was missing from both probe unwind and remove-time cleanup. Add a devm cleanup...

Linux Distros Unpatched Vulnerability : CVE-2026-31475

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: sma1307: fix double free of devmkzalloc memory A previous change added NULL checks and cleanup for allocation failures in sma1307settingloaded. However, t...

CVE-2026-31489

This CVE (CVE-2026-31489) affects the Linux kernel meson-spicc SPI controller driver. The vulnerability arises from a double-put: meson_spicc_probe() registers the controller with devm_spi_register_controller(), and the removal path erroneously calls spi_controller_put() again in meson_spicc_remo...

CVE-2026-23132 drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: synopsys: dw-dp: fix error paths of dwdpbind Fix several issues in dwdpbind error handling: 1. Missing return after drmbridgeattach failure - the function continued execution instead of returning an error. 2. Resource...

SUSE CVE-2025-37842

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kern...

Linux Distros Unpatched Vulnerability : CVE-2024-50189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Switch to device-managed dmamalloccoherent Using the device-managed version...