kernel: net: mana: fix use-after-free in add_adev() error path

A flaw was found in the Linux kernel's mana network driver. An issue in the error handling of the addadev function can lead to a use-after-free vulnerability. This occurs when memory is released prematurely but then accessed again, which could allow a local attacker to cause a system crash denial...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - net: genl: fixed a memory leak in the error path during policy dumping. - If the construction of the policy array fails when recording non-first policies, we need to unwind the process. - The netlinkpolicydumpaddpolicy...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fixed a reference count leak in dmardevscopeinit. The function foreachpcidev is implemented by pcigetdevice. The comment accompanying pcigetdevice states that it will increase the reference count of the returned pcide...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NTB: Fixed a possible name leak in ntbregisterdevice. If deviceregister fails in ntbregisterdevice, the device name allocated by devsetname should be freed. According to the comment in deviceregister, callers should use putdevice...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8183: fixed a refcount leak in mt8183mt6358ts3a227max98357devprobe. The node returned by ofparsephandle has a refcount that is incremented; ofnodeput must be called when using it again. Therefore, this issue nee...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Do not pass actlen in the usbbulkmsg error path. syzbot reported that actlen in kalmiasendinitpacket is uninitialized when it is passed to the first usbbulkmsg error path. Jiri Pirko noted that it’s pointless to...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fixed an invalid unregistererrorpath path. The error path of seg6init is incorrect when the CONFIGIPV6SEG6LWTUNNEL configuration option is not defined. In such cases, if seg6hmacinit fails, the genlunregisterfamily...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Staging: fbtft: fixed a potential memory leak in fbtftframebufferalloc. In the error paths after the fbinfo structure is successfully allocated, the memory allocated in fbdeferredioinit for info-pagerefs is not freed. This issue...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs – fixed a potential memory leak in rtwinitcmdpriv. In rtwinitcmdpriv, if pcmdpriv-rspallocatedbuf is allocated incorrectly, then pcmdpriv-cmdallocatedbuf will not be released properly. Additionally, since there...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fixed the memory leak related to ‘conf-biosplit’. In the error path of raid10run, ‘conf’ needs to be freed. However, ‘conf-biosplit’ is not freed, resulting in a memory leak. Since there are three places where ‘conf’...

EUVD-2026-38001

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not...

CVE-2026-34192

CVE-2026-34192 affects GPU driver components (GPU DDK) where MMU page tables are freed without proper cleanup in an error path, allowing a non-privileged user to trigger use-after-free of physical memory. The issue is caused by _MMU_AllocLevel error recovery paths that leave dangling page table e...

SUSE CVE-2026-52904

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkmdevice leak on aperture removal failure When apertureremoveconflictingpcidevices fails during probe, the error path returns directly without unwinding the nvkmdevice that was just allocated by nvkmdevicepcine...

EUVD-2026-35433

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkmdevice leak on aperture removal failure When apertureremoveconflictingpcidevices fails during probe, the error path returns directly without unwinding the nvkmdevice that was just allocated by nvkmdevicepcine...

CVE-2026-52904

The CVE-2026-52904 entry covers a Linux kernel issue in drm/nouveau where nvkm_device leaks occur if aperture_remove_conflicting_pci_devices() fails during probe. The allocated nvkm_device from nvkm_device_pci_new() is not unwound on error, leaking both the device wrapper and the pci_enable_devic...

SUSE CVE-2026-46299

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplusfillsuper hfsplusfillsuper calls hfsfindinit to initialize a search structure, which acquires tree-treelock. If the subsequent call to hfspluscatbuildkey fails, the function jumps to the...

Linux Distros Unpatched Vulnerability : CVE-2026-46299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hfsplus: fix held lock freed on hfsplusfillsuper hfsplusfillsuper calls hfsfindinit to initialize a search structure, which acquires tree-treelock. If the...

CVE-2026-46299

A flaw was found in the hfsplus filesystem component of the Linux kernel. An issue exists in the hfsplusfillsuper function where a lock is not properly released during an error handling path. This can occur when certain conditions cause hfspluscatbuildkey to fail during filesystem initialization....

CVE-2026-46299

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplusfillsuper hfsplusfillsuper calls hfsfindinit to initialize a search structure, which acquires tree-treelock. If the subsequent call to hfspluscatbuildkey fails, the function jumps to the...

UBUNTU-CVE-2026-46299

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplusfillsuper hfsplusfillsuper calls hfsfindinit to initialize a search structure, which acquires tree-treelock. If the subsequent call to hfspluscatbuildkey fails, the function jumps to the...