Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Another leak in the submit error path has been fixed. putunusedfd does not free the allocated file if we have already performed fdinstall. Therefore, we also need to free the syncfile. Patchwork:...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k: The affinity hint was cleared before calling ath12kpcifreeirq in the error path. If a shared IRQ is used by the driver due to platform limitations, then the IRQ affinity hint is set correctly after the allocation of...

EUVD-2023-60041

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting XSS via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

UBUNTU-CVE-2025-40101

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST At the end of btrfsloadblockgroupzoneinfo the first thing we do is to ensure that if the mapping type is not a SINGLE one and there is no RAID stripe...

SUSE CVE-2025-40069

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix obj leak in VMBIND error path If we fail a handle-lookup part way thru, we need to drop the already obtained obj references. Patchwork: https://patchwork.freedesktop.org/patch/669784/...

Siemens SIMATIC Devices Incomplete Cleanup (CVE-2024-38612)

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6init is wrong in case CONFIGIPV6SEG6LWTUNNEL is not defined. In that case if seg6hmacinit fails, the genlunregisterfamily isn't called. This issue exist since comm...

UBUNTU-CVE-2025-40069

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix obj leak in VMBIND error path If we fail a handle-lookup part way thru, we need to drop the already obtained obj references. Patchwork: https://patchwork.freedesktop.org/patch/669784/...

PT-2025-47717

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the btrfs file system within the Linux kernel, specifically in the btrfs add qgroup relation function. This occurs when the function is called with invalid qgroup...

SUSE CVE-2022-50565

In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: fix potential memory leak in lfxusbenablerx urbs does not be freed in exception paths in lfxusbenablerx. That will trigger memory leak. To fix it, add kfree for urbs within "error" label. Compile tested only...

SUSE CVE-2023-53698

In the Linux kernel, the following vulnerability has been resolved: xsk: fix refcount underflow in error path Fix a refcount underflow problem reported by syzbot that can happen when a system is running out of memory. If xpalloctxdescs fails, and it can only fail due to not having enough memory,...

CVE-2023-53698

In the Linux kernel, the following vulnerability has been resolved: xsk: fix refcount underflow in error path Fix a refcount underflow problem reported by syzbot that can happen when a system is running out of memory. If xpalloctxdescs fails, and it can only fail due to not having enough memory,...

DEBIAN-CVE-2023-53698

In the Linux kernel, the following vulnerability has been resolved: xsk: fix refcount underflow in error path Fix a refcount underflow problem reported by syzbot that can happen when a system is running out of memory. If xpalloctxdescs fails, and it can only fail due to not having enough memory,...

CVE-2022-50578

In the Linux kernel, the following vulnerability has been resolved: class: fix possible memory leak in classregister If classaddgroups returns error, the 'cp-subsys' need be unregister, and the 'cp' need be freed. We can not call ksetunregister here, because the 'cls' will be freed in callback...

UBUNTU-CVE-2023-53698

In the Linux kernel, the following vulnerability has been resolved: xsk: fix refcount underflow in error path Fix a refcount underflow problem reported by syzbot that can happen when a system is running out of memory. If xpalloctxdescs fails, and it can only fail due to not having enough memory,...

CVE-2023-53698 xsk: fix refcount underflow in error path

In the Linux kernel, the following vulnerability has been resolved: xsk: fix refcount underflow in error path Fix a refcount underflow problem reported by syzbot that can happen when a system is running out of memory. If xpalloctxdescs fails, and it can only fail due to not having enough memory,...

CVE-2023-53698

CVE-2023-53698 affects the Linux kernel xsk path; a refcount underflow can occur when xp_alloc_tx_descs() fails under memory pressure because the pool reference on the socket isn’t nulled, causing a second decrement during socket teardown. The fix is described as a single-line change in the error...

CVE-2023-53698 xsk: fix refcount underflow in error path

In the Linux kernel, the following vulnerability has been resolved: xsk: fix refcount underflow in error path Fix a refcount underflow problem reported by syzbot that can happen when a system is running out of memory. If xpalloctxdescs fails, and it can only fail due to not having enough memory,...

CVE-2023-53696 scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qla2x00probeone There is a memory leak reported by kmemleak: unreferenced object 0xffffc900003f0000 size 12288: comm "modprobe", pid 19117, jiffies 4299751452 age 42490.264s hex dump first 32...

CVE-2022-50578 class: fix possible memory leak in __class_register()

In the Linux kernel, the following vulnerability has been resolved: class: fix possible memory leak in classregister If classaddgroups returns error, the 'cp-subsys' need be unregister, and the 'cp' need be freed. We can not call ksetunregister here, because the 'cls' will be freed in callback...

CVE-2022-50572 ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link()

In the Linux kernel, the following vulnerability has been resolved: ASoC: audio-graph-card: fix refcount leak of cpuep in graphforeachlink The ofgetnextchild returns a node with refcount incremented, and decrements the refcount of prev. So in the error path of the while loop, ofnodeput needs be...