UBUNTU-CVE-2026-43317

In the Linux kernel, the following vulnerability has been resolved: most: core: fix leak on early registration failure A recent commit fixed a resource leak on early registration failures but for some reason left out the first error path which still leaks the resources associated with the...

CVE-2026-43332

In the Linux kernel thermal subsystem, CVE-2026-43332 affects the thermal_zone_device_register_with_trips() error path. The root cause is a missing wait_for_completion() after registering a thermal zone device, which can allow the thermal zone object to be freed prematurely if user space holds a ...

CVE-2026-43332

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone device registration error path If thermalzonedeviceregisterwithtrips fails after registering a thermal zone device, it needs to wait for the tz-removal completion like thermalzonedeviceunregister, ...

CVE-2026-43332

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone device registration error path If thermalzonedeviceregisterwithtrips fails after registering a thermal zone device, it needs to wait for the tz-removal completion like thermalzonedeviceunregister, ...

CVE-2026-43328

In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: fix double free in cpufreqdbsgovernorinit error path When kobjectinitandadd fails, cpufreqdbsgovernorinit calls kobjectputdata-attrset.kobj. The kobject release callback cpufreqdbsdatarelease calls...

CVE-2026-43328

Root cause: in the Linux kernel cpufreq governor, the error path in cpufreq_dbs_governor_init() could trigger a double free when kobject_init_and_add() fails. The kobject release path previously attempted cleanup via gov->exit(dbs_data) and kfree(dbs_data) twice. The fix keeps a direct kfree(d...

CVE-2026-43317

CVE-2026-43317 affects the Linux kernel under the internal module path described as the “most: core” component. The issue is a resource leak that occurs during early registration failures, where resources associated with the interface are not properly released. A recent commit fixes a leak in the...

CVE-2026-43317 most: core: fix leak on early registration failure

In the Linux kernel, the following vulnerability has been resolved: most: core: fix leak on early registration failure A recent commit fixed a resource leak on early registration failures but for some reason left out the first error path which still leaks the resources associated with the...

CVE-2026-43317

In the Linux kernel, the following vulnerability has been resolved: most: core: fix leak on early registration failure A recent commit fixed a resource leak on early registration failures but for some reason left out the first error path which still leaks the resources associated with the...

CVE-2025-71299 spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...

CVE-2025-71299

CVE-2025-71299 affects the Linux kernel driver spi_cadence_quadspi. The root cause is a runtime PM interaction during probe: a pm_runtime_disable in error paths could lead to duplicate clock disables when PM is active, especially with missing/broken DT descriptions for flash devices. The document...

PT-2026-38968

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak occurs in the core component of the most module during early registration failures. Specifically, the first error path fails to release the resources associated with the...

PT-2026-39016

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A power management PM runtime leak exists in the bh1780 light sensor driver. The issue occurs because the pm runtime put autosuspend function is not called on the error path following a ...

PT-2026-39019

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A missing RCU Read-Copy-Update unlock in the error path of the try release subpage extent buffer function within the btrfs module can occur. This happens because a rcu read unlock call...

PT-2026-38983

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the thermal core where the thermal zone device register with trips function fails to properly handle the error path during thermal zone device registration. If the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a double release in the error path of cpufreqdbsgovernorinit. After kobjectput, the functions exi...

Linux Distros Unpatched Vulnerability : CVE-2026-43328

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpufreq: governor: fix double free in cpufreqdbsgovernorinit error path When kobjectinitandadd fails, cpufreqdbsgovernorinit calls...

PT-2026-38979

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the cpufreq dbs governor init function error path. When the kobject init and add function fails, the system calls kobject put&dbs data-attr set.kobj, which...

CVE-2026-43246

A flaw was found in the Linux kernel's tw9906 driver. An issue in an error path within the tw9906probe function can lead to a memory leak. Specifically, memory allocated during the initialization of the video for Linux 2 V4L2 control handler is not properly released, which could result in system...

SUSE CVE-2026-31745

In the Linux kernel, the following vulnerability has been resolved: reset: gpio: fix double free in resetaddgpioauxdevice error path When auxiliarydeviceadd fails, resetaddgpioauxdevice calls auxiliarydeviceuninitadev. The device release callback resetgpioauxdevicerelease frees adev, but the...