234 matches found
UBUNTU-CVE-2026-53290
In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...
SUSE CVE-2026-53251
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...
CVE-2026-53251
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...
UBUNTU-CVE-2026-53156
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix use-after-free bugs in error paths Fix several instances of error paths in which we call nvmemdeviceput - which may end up freeing the underlying memory and other resources - and then keep on using the nvmem...
UBUNTU-CVE-2026-53251
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...
EUVD-2026-39227
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix a use-after-free of the hciconn pointer In isosockrebindbc, the bis pointer is cached, then the socket lock is dropped: bis = isopisk-conn-hcon; / Release the socket before lookups since that requires hcidevlo...
PT-2026-52346
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth ISO component where the iso conn big sync function fails to release a reference to the hci dev pointer. This occurs because hci get route returns a...
EUVD-2026-38994
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix disk reference leak in blkcgmaybethrottlecurrent Add the missing putdisk on the error path in blkcgmaybethrottlecurrent. When blkcg lookup, blkg lookup, or blkgtryget fails, the function jumps to the out label whi...
CVE-2026-53126
CVE-2026-53126 corresponds to a Linux kernel fix for a disk reference leak in blkcg_maybe_throttle_current. The issue occurred when blkcg lookup, blkg lookup, or blkg_tryget() failed and control flowed to the error path; the code released only rcu_read_unlock() and failed to release the disk refe...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: The reference count of the device should always be dropped in ibdelsubdeviceandput. Since nldevdeldev introduced in commit 060c642b2ab8 “RDMA/nldev: Add support for adding/deleting a sub IB device through netlink” grab...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon receiving report-present messages. Be sure to release the reference taken when checking for already registered devices...
EUVD-2026-38715
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfqueue: hold bridge skb-dev while queued brpassframeup rewrites skb-dev from the ingress port to the bridge master before queueing bridge LOCALIN packets. NFQUEUE only holds references on state.in/out and bridge...
CVE-2026-52904
CVE-2026-52904 affects the Linux kernel's DRM Nouveau NVKM path. When aperture_remove_conflicting_pci_devices() fails, nvkm_device_pci_new() could leak the device wrapper and pci_enable_device() reference. The fix redirects to the existing fail_nvkm path so nvkm_device_del() runs and balances res...
SUSE CVE-2026-46048
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usbdev refcount leak on probe failure createcard takes a reference on the USB device with usbgetdev and stores the matching usbputdev in cardfree, which is installed as the sndcard's -privatefree destructor...
CVE-2026-45917
A flaw was found in the Linux kernel's IP Virtual Server IPVS component. A race condition exists between the network device notifier and the destination cache when a device is shutting down. This can lead to a leaked device reference, potentially causing system instability or a denial of service...
CVE-2026-46005
A flaw was found in the Linux kernel's xfs filesystem. This resource leak occurs in the xfsallocbuftarg function's error path, where a DAX Direct Access device reference is not properly dropped. An attacker could potentially exploit this flaw to cause resource exhaustion, leading to a Denial of...
EUVD-2026-32343
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtpbusremoveallclients During a warm reset flow, the cl-device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl-device-referencecount witho...
CVE-2026-46048
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usbdev refcount leak on probe failure createcard takes a reference on the USB device with usbgetdev and stores the matching usbputdev in cardfree, which is installed as the sndcard's -privatefree destructor...
CVE-2026-46005
The CVE-2026-46005 issue concerns a resource leak in the XFS code path of the Linux kernel (xfs_alloc_buftarg) where, in error paths, the DAX device reference must be dropped via fs_put_dax(). Connected documents indicate patches and mitigations across multiple distributions: Debian/OpenSUSE OSV ...
CVE-2026-45981 s390/cio: Fix device lifecycle handling in css_alloc_subchannel()
In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in cssallocsubchannel cssallocsubchannel calls deviceinitialize before setting up the DMA masks. If dmasetcoherentmask or dmasetmask fails, the error path frees the subchannel structure...