PT-2025-53183

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists within the mlx5e init rep rx function in the net/mlx55 module. Specifically, the memory allocated and pointed to by the rx res pointer is not freed during error...

kernel: ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()

A flaw was found in the Linux kernel's ASoC da7219 audio codec driver. An error handling path in da7219registerdaiclks incorrectly attempts to unregister a clock that was never successfully registered. This could lead to incorrect resource cleanup during driver probe failure, potentially causing...

kernel: ALSA: bcd2000: Fix a UAF bug on the error path of probing

In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000: Fix a UAF bug on the error path of probing When the driver fails in sndcardregister at probe time, it will free the 'bcd2k-midiouturb' before killing it, which may cause a UAF bug. The following log can reveal it:...

kernel: netfilter: nf_tables: possible module reference underflow in error path

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: possible module reference underflow in error path dst-ops is set on when nftexprclone fails, but module refcount has not been bumped yet, therefore nftexprdestroy leads to module reference underflow...

UBUNTU-CVE-2023-31974

DISPUTED yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...

kernel: ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()

A flaw was found in the Linux kernel's ASoC da7219 audio codec driver. An error handling path in da7219registerdaiclks incorrectly attempts to unregister a clock that was never successfully registered. This could lead to incorrect resource cleanup during driver probe failure, potentially causing...

kernel: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: es58xrxerrmsg: fix memory leak in error path In es58xrxerrmsg, if can-dosetmode fails, the function directly returns without calling netifrxskb. This means that the skb previously allocated by alloccanerrskb is no...

kernel: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()

In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfptunneladdsharedmac idasimpleget returns an id between min 0 and max NFPMAXMACINDEX inclusive. So NFPMAXMACINDEX 0xff is a valid id. In order for the error handling path to work correctly, t...

kernel: RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()

A flaw was found in the qedr module in the Linux kernel. A missing release of allocated memory when an error occurs will cause a memory leak, potentially impacting system performance and resulting in a denial of service...

kernel: firmware: sysfb: fix platform-device leak in error path

In the Linux kernel, the following vulnerability has been resolved: firmware: sysfb: fix platform-device leak in error path Make sure to free the platform device also in the unlikely event that registration fails...

kernel: PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()

In the Linux kernel, the following vulnerability has been resolved: PCI: microchip: Fix refcount leak in mcpcieinitirqdomains ofgetnextchild returns a node pointer with refcount incremented, so we should use ofnodeput on it when we don't need it anymore. mcpcieinitirqdomains only calls ofnodeput ...

SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2023:0778-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0778-1 advisory. The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. - CVE-2022-36280: Fixed out-of-bounds...

GSD-2023-1002411 net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path

net/usb: kalmia: Don't pass actlen in usbbulkmsg error path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.273 by commit...

GSD-2023-1002346 net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path

net/usb: kalmia: Don't pass actlen in usbbulkmsg error path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.95 by commit...

GSD-2023-1002305 net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path

net/usb: kalmia: Don't pass actlen in usbbulkmsg error path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.13 by commit...

PT-2023-35381 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.13 Description: The issue is related to the usb bulk msg function in the Linux Kernel's USB subsystem. It involves passing act len in the error path, which may have potential security implications. The actu...

CVE-2023-22995

In the Linux kernel before 5.17, an error path in dwc3qcomacpiregistercore in drivers/usb/dwc3/dwc3-qcom.c lacks certain platformdeviceput and kfree calls...

CVE-2023-22995

In the Linux kernel before 5.17, an error path in dwc3qcomacpiregistercore in drivers/usb/dwc3/dwc3-qcom.c lacks certain platformdeviceput and kfree calls...

SUSE CVE-2008-3914

Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in 1 libclamav/others.c and 2 libclamav/sis.c...

SUSE CVE-2012-4561

The 1 publickeymakedss, 2 publickeymakersa, 3 signaturefromstring, 4 sshdosign, and 5 sshsignsessionid functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service crash via unspecified vectors...