2026 matches found
SUSE CVE-2025-68813
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL pointer dereference in fibcomputespecdst when ipv4linkfailure attempts t...
CVE-2026-22857
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irpthreadfunc because the IRP is freed by irp-Complete and then accessed again on the error path. This vulnerability is fixed in 3.20.1...
CVE-2026-22857 FreeRDP has a heap-use-after-free in irp_thread_func
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irpthreadfunc because the IRP is freed by irp-Complete and then accessed again on the error path. This vulnerability is fixed in 3.20.1...
CVE-2026-22857
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irpthreadfunc because the IRP is freed by irp-Complete and then accessed again on the error path. This vulnerability is fixed in 3.20.1...
SUSE CVE-2025-71073
In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbdinterrupt schedules lk-tq via schedulework, and the work handler lkkbdreinit dereferences the lkkbd structure and its serio/inputdev fields. lkkbddisconnect and error...
UBUNTU-CVE-2025-68813
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL pointer dereference in fibcomputespecdst when ipv4linkfailure attempts t...
UBUNTU-CVE-2025-71069
In the Linux kernel, the following vulnerability has been resolved: f2fs: invalidate dentry cache on failed whiteout creation F2FS can mount filesystems with corrupted directory depth values that get runtime-clamped to MAXDIRHASHDEPTH. When RENAMEWHITEOUT operations are performed on such...
CVE-2025-68813
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL pointer dereference in fibcomputespecdst when ipv4linkfailure attempts t...
CVE-2025-68813 ipvs: fix ipv4 null-ptr-deref in route error path
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL pointer dereference in fibcomputespecdst when ipv4linkfailure attempts t...
CVE-2025-68782 scsi: target: Reset t_task_cdb pointer in error case
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset ttaskcdb pointer in error case If allocation of cmd-ttaskcdb fails, it remains NULL but is later dereferenced in the 'err' path. In case of error, reset NULL ttaskcdb value to point at the default fixed-size...
Astra Linux - уязвимость в linux-6.12
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate first page in error path of f2fstruncate syzbot reports a bug as below: loop0: detected capacity change from 0 to 40427 F2FS-fs loop0: Wrong SSA boundary, start3584 end4096 blocks3072 F2FS-fs loop0: Can't fi...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: i40e: fixed the issue of freeing IRQs in the i40evsirequestirqmsix error path. If requestirq in i40evsirequestirqmsix fails in an iteration later than the first one, the error path attempts to free the IRQs that have been request...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not setting skb-dev in a routing error path, which could lead to a null pointer dereference...
PT-2026-2545
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.114 Description The Linux kernel contains a flaw within the IPv4 code path in the ip vs get out rt function. This function can call dst link failure without verifying that skb-dev is set, leading to a NULL...
Linux Distros Unpatched Vulnerability : CVE-2025-68813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL...
CVE-2026-22032 Directus has open redirect in SAML
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the RelayState parameter is intended to preserve the user's original...
CVE-2026-21674 iccDEV has a Memory Leak in its CIccProfileXml::ParseTag() Error Path
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path iccFromXml. This issue is fixed in version 2.3.1.1...
SUSE CVE-2025-68754
In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devmclkgetenabled is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clkdisableunprepare in error path and...
CVE-2025-68754
CVE-2025-68754 affects the Linux kernel rtc driver for amlogic-a4. The issue is a double free caused by manually disabling the clock obtained via devm_clk_get_enabled() in error paths, which conflicts with the devm framework’s automatic clock lifecycle management. The recommended remediation is t...
CVE-2025-68754 rtc: amlogic-a4: fix double free caused by devm
In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devmclkgetenabled is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clkdisableunprepare in error path and...