2026 matches found
PT-2026-37586
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the tw9906 probe function. In a specific error path, memory allocated by v4l2 ctrl handler init and v4l2 ctrl new std is not properly released. Recommendations At...
PT-2026-37448
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the rtw register hw function within the rtw88 wifi driver. This occurs because supported bands are not properly freed during the error path. The issue is addresse...
PT-2026-37558
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the tw9903 probe function. In a specific error path, memory allocated by v4l2 ctrl handler init and v4l2 ctrl new std is not properly released. Recommendations At...
PT-2026-37412
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix memory leak in airoha qdma rx process If an error occurs on the subsequents buffers belonging to the non-linear part of the skb e.g. due to an error in the payload length reported by the NIC or if we consumed all...
CVE-2026-43069 Bluetooth: hci_ll: Fix firmware leak on error path
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcill: Fix firmware leak on error path Smatch reports: drivers/bluetooth/hcill.c:587 downloadfirmware warn: 'fw' from requestfirmware not released on lines: 544. In downloadfirmware, if requestfirmware succeeds but the...
CVE-2026-43069
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcill: Fix firmware leak on error path Smatch reports: drivers/bluetooth/hcill.c:587 downloadfirmware warn: 'fw' from requestfirmware not released on lines: 544. In downloadfirmware, if requestfirmware succeeds but the...
CVE-2026-43069
CVE-2026-43069 concerns the Linux kernel Bluetooth stack (hci_ll). The issue arises when download_firmware() succeeds in request_firmware() but returns invalid content (no data/zero size), causing a resource leak because firmware is not released. The fix introduced is to call release_firmware() b...
CVE-2026-43066
CVE-2026-43066: In Linux kernel ext4_fc_replay_inode(), iloc.bh leak could occur on error paths due to missing brelse at several failure points. The patch adds an out_brelse label before the existing out label to ensure iloc.bh is released, and also makes ext4_fc_replay_inode() propagate errors i...
Linux Distros Unpatched Vulnerability : CVE-2026-43069
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hcill: Fix firmware leak on error path Smatch reports: drivers/bluetooth/hcill.c:587 downloadfirmware warn: 'fw' from requestfirmware not released on...
JLSEC-2026-415 libcurl skips the certificate verification for a QUIC connection under certain conditions, when...
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems...
Linux Distros Unpatched Vulnerability : CVE-2026-43056
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mana: fix use-after-free in addadev error path If auxiliarydeviceadd fails, addadev jumps to addfail and calls auxiliarydeviceuninitadev. The auxiliary...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fixed the reference count leak in mesonencoderhdmiinit. The offinddevicebynode function takes a reference; we should use putdevice to release that reference when it is no longer needed. Add the missing putdevice functi...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: musb: dsps: Fix the probe error path The commit 7c75bde329d7 “usb: musb: musbdsps: requestirq after initializing musb” has corrected the calls to dspssetupoptionalvbusirq and dspscreatemusbpdev, but it did not update the err...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf, s390: Fixed a potential memory leak related to jitdata. Make sure that jitdata is freed through kfree in the error path...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: dma-buf/syncfile: Do not leak fences during merge failures. Each call to addfence performs a dmafenceget operation on the relevant fence. In error-prone scenarios, we did not call dmafenceput, resulting in all those fences bei...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: clk: tegra: tegra124-emc: Fixed a potential memory leak. The tegra and tegra variables need to be freed during the error handling process; otherwise, the issue may be exposed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Fix use-after-free on error path In the error path of sevtsminitlocked, the code dereferes t after it has been freed with kfree. The prerr statement attempts to access t-tioen and t-tioinitdone after the memory has...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/erdma: Fixed a reference count leak in erdmammap. The function rdmausermmapentryget takes a reference; we should release that reference when it is no longer needed. Add the missing rdmausermmapEntryPut function in the err...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fixed a reference count leak in stubprobe The usbgetdev function is called in stubdevicealloc. When stubprobe fails, usbputdev must be called to release the reference. This issue was fixed by moving usbputdev into the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fixed a memory leak in vmwmksstataddioctl If the copy of the description string from user space fails, then the page containing the instance descriptor does not get freed before returning -EFAULT, resulting in a memor...