2026 matches found
CVE-2025-40247
CVE-2025-40247 affects the Linux kernel drm/msm path. The issue arises in msm_vma_job_free via an ioctl path cleanup when prealloc_cleanup() runs without a preceding successful prealloc_allocate(), leading to a NULL-pointer/translation fault in the pgtable preallocation flow. Public details descr...
CVE-2025-40247 drm/msm: Fix pgtable prealloc error path
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix pgtable prealloc error path The following splat was reported: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT current EL, ...
CVE-2025-40247 drm/msm: Fix pgtable prealloc error path
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix pgtable prealloc error path The following splat was reported: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT current EL, ...
kernel: ALSA: bcd2000: Fix a UAF bug on the error path of probing
In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000: Fix a UAF bug on the error path of probing When the driver fails in sndcardregister at probe time, it will free the 'bcd2k-midiouturb' before killing it, which may cause a UAF bug. The following log can reveal it:...
EUVD-2025-198438
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak of qgrouplist in btrfsaddqgrouprelation When btrfsaddqgrouprelation is called with invalid qgroup levels src = dst, the function returns -EINVAL directly without freeing the preallocated qgrouplist structur...
CVE-2025-40209
CVE-2025-40209 affects the Linux kernel. The btrfs path btrfs_add_qgroup_relation() leaks memory when called with invalid qgroup levels (src >= dst) due to an early return before freeing the preallocated qgroup_list. The leak occurs because cleanup is bypassed on that error path; the caller’s ...
PT-2026-2514
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's SCSI target functionality. Specifically, if memory allocation for cmd-t task cdb fails, the pointer remains NULL and is subsequently dereferenced,...
SUSE CVE-2025-40137
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate first page in error path of f2fstruncate syzbot reports a bug as below: loop0: detected capacity change from 0 to 40427 F2FS-fs loop0: Wrong SSA boundary, start3584 end4096 blocks3072 F2FS-fs loop0: Can't fi...
CVE-2025-40137
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate first page in error path of f2fstruncate syzbot reports a bug as below: loop0: detected capacity change from 0 to 40427 F2FS-fs loop0: Wrong SSA boundary, start3584 end4096 blocks3072 F2FS-fs loop0: Can't fi...
EUVD-2025-124939
In the Linux kernel, the following vulnerability has been resolved: nvdimm: ndtest: Return -ENOMEM if devmkcalloc fails in ndtestprobe devmkcalloc may fail. ndtestprobe allocates three DMA address arrays dcrdma, labeldma, dimmdma and later unconditionally uses them in ndtestnvdimminit, which can...
CVE-2025-40137
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate first page in error path of f2fstruncate syzbot reports a bug as below: loop0: detected capacity change from 0 to 40427 F2FS-fs loop0: Wrong SSA boundary, start3584 end4096 blocks3072 F2FS-fs loop0: Can't fi...
UBUNTU-CVE-2025-40137
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate first page in error path of f2fstruncate syzbot reports a bug as below: loop0: detected capacity change from 0 to 40427 F2FS-fs loop0: Wrong SSA boundary, start3584 end4096 blocks3072 F2FS-fs loop0: Can't fi...
CVE-2025-40137
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate first page in error path of f2fstruncate syzbot reports a bug as below: loop0: detected capacity change from 0 to 40427 F2FS-fs loop0: Wrong SSA boundary, start3584 end4096 blocks3072 F2FS-fs loop0: Can't fi...
CVE-2025-40137 f2fs: fix to truncate first page in error path of f2fs_truncate()
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate first page in error path of f2fstruncate syzbot reports a bug as below: loop0: detected capacity change from 0 to 40427 F2FS-fs loop0: Wrong SSA boundary, start3584 end4096 blocks3072 F2FS-fs loop0: Can't fi...
CVE-2025-40137 f2fs: fix to truncate first page in error path of f2fs_truncate()
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate first page in error path of f2fstruncate syzbot reports a bug as below: loop0: detected capacity change from 0 to 40427 F2FS-fs loop0: Wrong SSA boundary, start3584 end4096 blocks3072 F2FS-fs loop0: Can't fi...
kernel: usbnet: fix memory leak in error case
In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnetwritecmdasync mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer...
kernel: wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Clear affinity hint before calling ath11kpcicfreeirq in error path If a shared IRQ is used by the driver due to platform limitation, then the IRQ affinity hint is set right after the allocation of IRQ vectors in...
kernel: wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Clear affinity hint before calling ath11kpcicfreeirq in error path If a shared IRQ is used by the driver due to platform limitation, then the IRQ affinity hint is set right after the allocation of IRQ vectors in...
kernel: media: intel/ipu6: remove cpu latency qos request on error
In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: remove cpu latency qos request on error Fix cpu latency qos list corruption like below. It happens when we do not remove cpu latency request on error path and free corresponding memory. 30.634378 l7 kernel:...
wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path
...