PT-2026-39036

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A device leak occurs in the net: mctp component during a probe failure. The driver takes a reference to the USB device during the probe process but fails to release it when the probe...

EUVD-2026-27752

In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dmputdevice when failing to get scsi dh name When commit fd81bc5cca8f "scsi: devicehandler: Return error pointer in scsidhattachedhandlername" added code to fail parsing the path if scsidhattachedhandlername...

EUVD-2025-209679

In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leaks on common probe Make sure to drop the reference taken when looking up the SMI device during common probe on late probe failure e.g. probe deferral and on driver unbind...

CVE-2025-71287

In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leak on larb probe Make sure to drop the reference taken when looking up the SMI device during larb probe on late probe failure e.g. probe deferral and on driver unbind...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: A reference count leak was fixed in snruncoremmiomap. pcigetdevice will increase the reference count of the returned pcidev. Therefore, snruncoregetmcdev will return a pcidev with its reference count...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change to fix a device reference leak in a UDC driver introduced a potential use-after-free in the non-OF case. The isp1301getclient helper only increments the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: The reference count of the device should always be dropped in ibdelsubdeviceandput. Since nldevdeldev introduced in commit 060c642b2ab8 “RDMA/nldev: Add support for adding/deleting a sub IB device through netlink” grab...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fixed the refcount leak for PCI devices. According to the comments on pcigetdomainbusandslot, it returns a PCI device with a refcount that increments after use. Therefore, the caller must decrement the reference count...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: serial: pch: Fixed the reference count leak in pchrequestdma. According to the comments on pcigetslot, it returns a pcidevice with its reference count increased. The caller must decrement the reference count by calling pcidevput...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for missing rcu protection. When removing the rcureadlock from bondethtoolgettsinfo, I didn’t realize that it could also be called via setsockopt, which does not hold a rcu lock. As pointed out by syzbot: Stack trace...

Linux Distros Unpatched Vulnerability : CVE-2026-31701

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: caiaq: take a reference on the USB device in createcard The caiaq driver stores a pointer to the parent USB device in cdev-chip.dev but never takes a...

CVE-2026-31760

The CVE-2026-31760 issue affects the Linux kernel GPIB gpib: lpvo_usb driver, where the driver incorrectly retains references to USB devices during GPIB attach, causing a memory leak on disconnect. The root cause is not releasing those references after attaching, leading to resource retention. Th...

CVE-2026-31732 gpio: Fix resource leaks on errors in gpiochip_add_data_with_key()

In the Linux kernel, the following vulnerability has been resolved: gpio: Fix resource leaks on errors in gpiochipadddatawithkey Since commit aab5c6f20023 "gpio: set device type for GPIO chips", gdev-dev.release is unset. As a result, the reference count to gdev-dev isn't dropped on the error...

PT-2026-36367

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Resource leaks occur in the gpiochip add data with key function. Due to gdev-dev.release being unset, the reference count to gdev-dev is not dropped during error handling paths...

PT-2026-36331

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The caiaq driver in the ALSA subsystem stores a pointer to the parent USB device in cdev-chip.dev without taking a reference to it. This leads to a use-after-free scenario where the snd...

CVE-2026-31678

A flaw was found in the Linux kernel's Open vSwitch OVS component. A race condition can occur during the destruction of a network device netdev tunnel, where the ovsnetdevtunneldestroy function may attempt to release a device reference while other parts of the system are still actively using it...

Linux Distros Unpatched Vulnerability : CVE-2026-31604

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a...

SUSE CVE-2026-31604

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...

SUSE CVE-2026-31663

In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transportfinish NFHOOK After async crypto completes, xfrminputresume calls devput immediately on re-entry before the skb reaches transportfinish. The skb-dev pointer is then used inside NFHOOK and i...

CVE-2026-31663

A flaw was found in the Linux kernel's xfrm IP eXtensible FRamework subsystem. This vulnerability involves a race condition where a network device's reference is released too early during packet processing after asynchronous cryptography. This premature release can lead to the system attempting t...