CVE-2026-46103

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: lib/stringhelpers: Fixed the issue where strarray was not added to the device’s resource list. Added the allocated strarray to the device’s resource list. This is necessary to automatically release the strarray when the device...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: usb: dwc2: Fixed a device leak in hwenable upon suspend/resume. Every time the platform enters low power mode, the PM suspend/resume routines call dwc2lowlevelhwenable. This calls a new device-related function each time. This...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - net: dsa: felix: do not use devres for mdiobus. As explained in the commits: - 74b6d7d13307: “net: dsa: realtek: register the MDIO bus using devres”. - 5135e96a3dd2: “net: dsa: do not allocate the slavemiibus using devres”...

SUSE CVE-2026-31475

In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free of devmkzalloc memory A previous change added NULL checks and cleanup for allocation failures in sma1307settingloaded. However, the cleanup for modeset entries is wrong. Those entries are allocated...

CVE-2026-31475

A flaw was found in the Linux kernel's ASoC sma1307 component. An incorrect cleanup operation attempts to manually free memory that is already managed by the device resource management devres system. This can lead to a double free vulnerability, potentially causing memory corruption and system...

EUVD-2026-24883

In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of WoL irq We do not need to free wolirq since it was instantiated with devmrequestirq. So devres will free for us...

PT-2026-34380

In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free of devm kzalloc memory A previous change added NULL checks and cleanup for allocation failures in sma1307 setting loaded. However, the cleanup for mode set entries is wrong. Those entries are...

EUVD-2026-5501

In the Linux kernel, the following vulnerability has been resolved: virtionet: fix device mismatch in devmkzalloc/devmkfree Initial rsshdr allocation uses virtiodevice-device, but virtnetsetqueues frees using netdevice-device. This device mismatch causing below devres warning 3788.514041...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993165)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993165 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hwenable upon suspend resume Each time the platform goes to low...

CVE-2023-54207

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput inputdev name Reference the HID device rather than the input device for the devm allocation of the inputdev name. Referencing the inputdev would lead to a use-after-free wh...

CVE-2025-68170 drm/radeon: Do not kfree() devres managed rdev

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Do not kfree devres managed rdev Since the allocation of the drivers main structure was changed to devmdrmdevalloc rdev is managed by devres and we shouldn't be calling kfree on it. This fixes things exploding if the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect call to kfree to free a rdev managed by devres, which could result in a double release...

CVE-2025-40037

In the Linux kernel, the following vulnerability has been resolved: fbdev: simplefb: Fix use after free in simplefbdetachgenpds The pmdomain cleanup can not be devres managed as it uses struct simplefbpar which is allocated within struct fbinfo by framebufferalloc. This allocation is explicitly...

SUSE CVE-2023-53674

In the Linux kernel, the following vulnerability has been resolved: clk: Fix memory leak in devmclknotifierregister devmclknotifierregister allocates a devres resource for clk notifier but didn't register that to the device, so the notifier didn't get unregistered on device detach and the allocat...

EUVD-2025-32755

In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hifmspi nor mspi is available If neither a "hifmspi" nor "mspi" resource is present, the driver will just early exit in probe but still return success. Apart from not doing anything...

EUVD-2014-1946

Malware in sbrugna...

EUVD-2014-1943

Malware in sbrugna...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987120)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987120 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix UAF of leds class devs at unbinding The LED class devices that are created by...

EUVD-2025-13212

Malicious code in bioql PyPI...