7518 matches found
CVE-2026-52932
In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...
kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...
EUVD-2026-37008
Slim has Reflected XSS in the HtmlErrorRenderer...
kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...
Linux Distros Unpatched Vulnerability : CVE-2026-48615
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy...
GHSA-6V7P-G79W-8964 MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error
Impact If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. If the Unpacker is used repeatedly to unpack untrusted input from external sources, it may be vulnerable to a DoS attack. Patches v1.2.1 Workarounds Users should create a new Unpacker instead of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/bridge: synopsys: dw-dp: fixed error paths in dwdpBind. Several issues in error handling for dwdpBind have been fixed: 1. A missing return statement after a failure in drmbridgeattach—the function continued execution inste...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: mxs: Fixed error handling in mxssgtl5000probe. This function only calls ofnodeput in the regular path. It will cause a refcount leak in error-prone paths. For example, when codecnp is NULL, saifnp0 and saifnp1 are not NULL,...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: core: Fixed a use-after-free in sndsocexit. KASAN reported a use-after-free: BUG: KASAN: Use-after-free in devicedel+0xb5b/0xc60. A read of size 8 at address ffff888008655050 was performed by the task rmmod/387. CPU: 2;...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: A memory leak has been fixed in dwc3qcominterconnectinit. In the alloc Resources for path handle function of oficcget, resources should be released when they are no longer needed. This should be done similarly in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Lag – Check for LAG devices before creating debugfs. The function mlx5lagdevaddmdev may return 0 success even when an error occurs, but this error is handled gracefully. As a result, the initialization process continues...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fixed the issue where the dmabuf was not unpined in the error-prone preparefb function. Corrected the error handling in preparefb to prevent resource leaks when an error occurs...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: rtla/osnoise: Prevent NULL dereferencing in error handling. If the allocation of "tool-data" fails, there is no need to call osnoisefreetop. In fact, doing so will lead to a NULL dereferencing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: gpio: Resource leaks were fixed in cases where an error occurred in gpiochipadddatawithkey. Since the commit aab5c6f20023 “gpio: setting device type for GPIO chips”, gdev-dev.release is not set. As a result, the reference coun...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: chardev: Fixed error handling in cdevdeviceadd. While performing fault injection tests, the following issue was reported: ------------ Cut here ------------ kobject: “null” 0000000039956980: Not initialized, yet kobjectput is bei...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: batman-adv: fix error handling Syzbot reported an ODEBUG warning in batadvncmeshfree. The problem lay in incorrect error handling in batadvmeshinit. Before this patch, batadvmeshinit would call batadvmeshfree in case any...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Resets the ttaskcdb pointer in error cases If the allocation of cmd-ttaskcdb fails, it remains NULL, but it is later referenced in the ‘err’ path. In case of an error, the NULL ttaskcdb value is reset to point at th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: PCI: Fixed NULL dereferencing in the error path during SR-IOV VF creation. Fixed issues when virtfn setup fails, preventing NULL pointer dereferencing during device removal. The kernel error occurred due to incorrect error...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fixed a memory leak in pvrprobe. The error handling code in pvr2hdwcreate forgets to unregister the v4l2 device. When pvr2hdwcreate returns back to pvr2contextcreate, it calls pvr2contextdestroy to destroy the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dm mpath: Added the missing dmputdevice call when failing to obtain the scsi dh name. When commit fd81bc5cca8f “scsi: devicehandler: Returning an error pointer in scsidhattachedhandlername”, code was added to fail the parsing of...