Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: chardev: Fixed error handling in cdevdeviceadd. While performing fault injection tests, the following issue was reported: ------------ Cut here ------------ kobject: “null” 0000000039956980: Not initialized, yet kobjectput is bei...

CVE-2026-46079

CVE-2026-46079 concerns the Linux kernel RBD path. The issue arises when device_add_disk() is followed by a failure in device_add_disk(); the code can call rbd_free_disk() twice and then rbd_dev_device_release(), causing a null-ptr-deref in __blk_mq_free_map_and_rqs() during blk-mq cleanup. The f...

CVE-2025-71272

In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early before registering the device. In these cases, it returned an error code...

CVE-2025-71272

The CVE-2025-71272 entry concerns a Linux kernel resource-leak in most_register_interface(). When initialization fails before device registration, memory for the interface could be leaked. The fix initializes the device early with device_initialize(), calls put_device() on all error paths, and sw...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fixed a possible memory leak if deviceadd fails. If deviceadd returns an error, the name allocated by devsetname needs to be freed. As noted in the comments for deviceadd, putdevice should be used to reduce the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013223)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013223 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: fix possible memory leak in ibmebusbusinit If deviceregister returns error in...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007226)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007226 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: remove device from smcddevlist after failed deviceadd If the deviceadd for a smcddev...

CVE-2026-31399

In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use after free if deviceadd fails in ndasyncdeviceregister. Commit b6eae0f61db2 "libnvdimm: Hold reference on parent while...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005764)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005764 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix possible memory leak if deviceadd fails If deviceadd returns error, the name...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005653)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005653 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible memory leak if deviceadd fails If deviceadd returns error, the name...

EUVD-2023-59802

Malicious code in bioql PyPI...

UBUNTU-CVE-2022-50419

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times deviceadd shall not be called multiple times as stated in its documentation: 'Do not call this routine or deviceregister more than once for any device structure...

CVE-2022-50419 Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times deviceadd shall not be called multiple times as stated in its documentation: 'Do not call this routine or deviceregister more than once for any device structure...

CVE-2022-50419 Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times deviceadd shall not be called multiple times as stated in its documentation: 'Do not call this routine or deviceregister more than once for any device structure...

CVE-2022-50419

CVE-2022-50419 concerns the Linux kernel Bluetooth subsystem, specifically the hci_sysfs path. The public description states that the issue arises from attempting to call device_add multiple times for a single device structure, violating documented expectations that device_add() (and device_regis...

SUSE CVE-2022-50349

In the Linux kernel, the following vulnerability has been resolved: misc: tifm: fix possible memory leak in tifm7xx1switchmedia If deviceregister returns error in tifm7xx1switchmedia, name of kobject which is allocated in devsetname called in deviceadd is leaked. Never directly free @dev after...

CVE-2022-49793

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iiosysfstriginit devsetname allocates memory for name, it need be freed when deviceadd fails, call putdevice to give up the reference that hold in deviceinitialize, so that it can ...

CVE-2022-48975 gpiolib: fix memory leak in gpiochip_setup_dev()

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix memory leak in gpiochipsetupdev Here is a backtrace report about memory leak detected in gpiochipsetupdev: unreferenced object 0xffff88810b406400 size 512: comm "python3", pid 1682, jiffies 4295346908 age 24.090s...

CVE-2022-48975 gpiolib: fix memory leak in gpiochip_setup_dev()

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix memory leak in gpiochipsetupdev Here is a backtrace report about memory leak detected in gpiochipsetupdev: unreferenced object 0xffff88810b406400 size 512: comm "python3", pid 1682, jiffies 4295346908 age 24.090s...

CVE-2022-48975

CVE-2022-48975 concerns a memory leak in Linux kernel GPIO handling. The backtrace shows the leak occurs during gpiochip_setup_dev() when registering GPIO devices, with resources allocated in device_private_init() not released on error paths. The fix moves the release logic to use put_device() to...