EUVD-2026-40259

A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...

CVE-2026-14164

A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...

CVE-2026-14164

CVE-2026-14164 concerns libarchive’s RAR5 reader. A double-free arises when a filtered_buf pointer remains stale after being freed during unpack state reinitialization, allowing a second free on processing a subsequent archive entry. The issue is triggered by parsing a specially crafted RAR5 arch...

CVE-2026-43706

A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2026-43706

CVE-2026-43706 is a memory-management defect (double free) in libxslt affecting macOS Tahoe 26.5.2, iOS 26.5.2, and iPadOS 26.5.2. The root cause is a double-free in processing malicious web content, which may cause an unexpected process crash. Apple lists libxslt as the vulnerable component with...

CVE-2026-53286

A flaw was found in the Linux kernel. Specifically, a double free and use-after-free vulnerability exists in the idpf driver's auxiliary device error paths. This flaw occurs when auxiliarydeviceadd fails, leading to improper memory handling where memory is freed twice or accessed after being free...

CVE-2026-53294

A flaw was found in the Linux kernel's mailbox subsystem. This vulnerability occurs when the receive RX channel is aliased to the transmit TX channel with a different Memory-Mapped I/O MMIO and is not properly handled during the freeing of channels. This can lead to a double-free condition, which...

kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path

A flaw was found in the Linux kernel, specifically within the RDMA Remote Direct Memory Access vmwpvrdma module. This vulnerability is a double free, which means the system attempts to release the same memory resource twice. This can occur in an error handling path within the pvrdmaallocucontext...

SUSE CVE-2026-53286

In the Linux kernel, the following vulnerability has been resolved: idpf: fix double free and use-after-free in aux device error paths When auxiliarydeviceadd fails in idpfplugvportauxdev or idpfplugcoreauxdev, the errauxdevadd label calls auxiliarydeviceuninit and falls through to errauxdevinit...

CVE-2026-52987

A flaw was found in the Linux kernel. A double free vulnerability exists in the drm/amdgpu component within the userq validate function. This issue arises because the drmexecfini function is called twice on the same execution object, which is not designed to be idempotent. An attacker could...

EUVD-2026-39899

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't free the reused channel The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs...

CVE-2026-53294

The CVE-2026-53294 entry concerns the Linux kernel mailbox subsystem. The issue arises in mailbox-test where the RX channel can be aliased to the TX channel if they have different MMIO, creating a special case that can lead to a double-free when freeing channels. The public descriptions indicate ...

CVE-2026-53286

The CVE-2026-53286 issue concerns the Linux kernel IDPF code, specifically an improper handling of auxiliary devices during error paths that can trigger a use-after-free and double-free in iadev structures. In idpf_plug_vport_aux_dev() and idpf_plug_core_aux_dev(), if auxiliary_device_add() fails...

EUVD-2026-39891

In the Linux kernel, the following vulnerability has been resolved: idpf: fix double free and use-after-free in aux device error paths When auxiliarydeviceadd fails in idpfplugvportauxdev or idpfplugcoreauxdev, the errauxdevadd label calls auxiliarydeviceuninit and falls through to errauxdevinit...

CVE-2026-53067

A flaw was found in the Linux kernel's PCI Peripheral Component Interconnect endpoint Message Signaled Interrupts MSI doorbell allocation. When MSI allocation fails, the system may attempt to free already freed memory, leading to a double-free vulnerability. This issue can result in memory...

CVE-2026-53233

A flaw was found in the Linux kernel. A double-free vulnerability exists within the netdevnlbindrxdoit function, which is responsible for binding network device receive operations. This vulnerability arises when genlmsgreply consumes the socket buffer skb, and the error handling path subsequently...

PT-2026-52933

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mailbox-test component where a double-free occurs during the process of freeing channels. This happens because the RX channel can be aliased to the TX channel if i...

PT-2026-52925

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the idpf driver where a double free and use-after-free occur during auxiliary device error paths. When the auxiliary device add function fails within idpf plug vport a...

Curl 8.15.0 < 8.21.0 SASL Double-Free

The version of curl installed on the remote host is 8.15.0 prior to 8.21.0. It is, therefore, affected by a double-free vulnerability: - The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the...

Oracle Linux 9 : kernel (ELSA-2026-27789)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27789 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177392 CVE-2026-46331 - scsi: qla2xxx: Completely fix fcport doub...