Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005161)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005161 advisory. In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pcclocksettime If getclockdesc succeeds, it...

kernel: drm/xe: Use local fence in error path of xe_migrate_clear

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use local fence in error path of xemigrateclear The intent of the error path in xemigrateclear is to wait on locally generated fence and then return. The code is waiting on m-fence which could be the local fence but this ...

SUSE CVE-2025-71154

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usbsubmiturb failure In asyncsetregisters, when usbsubmiturb fails, the allocated asyncreq structure and URB are not freed, causing a memory leak. The completion callback asyncsetregcb is...

CVE-2025-71154

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usbsubmiturb failure In asyncsetregisters, when usbsubmiturb fails, the allocated asyncreq structure and URB are not freed, causing a memory leak. The completion callback asyncsetregcb is...

UBUNTU-CVE-2025-71148

In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruct but never restores it when submission fails before the request is hashed. handshakeskdestruct then returns early and the original...

CVE-2025-71154 net: usb: rtl8150: fix memory leak on usb_submit_urb() failure

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usbsubmiturb failure In asyncsetregisters, when usbsubmiturb fails, the allocated asyncreq structure and URB are not freed, causing a memory leak. The completion callback asyncsetregcb is...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004862)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004862 advisory. In the Linux kernel, the following vulnerability has been resolved: siox: fix possible memory leak in sioxdeviceadd If deviceregister returns error in sioxdeviceadd,...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004829)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004829 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: serial: jsm: fix some leaks in probe This error path needs to unwind instead of just...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004893)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004893 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/cell/axonmsi: Fix refcount leak in setupmsimsgaddress ofgetnextparent returns a node...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004869)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004869 advisory. In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double atahostput in atatportadd In the error path in atatportadd, whe...

Azure Linux 3.0 Security Update: kernel (CVE-2024-41087)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41087 advisory. - In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on err...

Azure Linux 3.0 Security Update: kernel (CVE-2024-57980)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57980 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in erro...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46741)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46741 advisory. - In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix double free of 'buf' ...

SUSE CVE-2025-68782

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset ttaskcdb pointer in error case If allocation of cmd-ttaskcdb fails, it remains NULL but is later dereferenced in the 'err' path. In case of error, reset NULL ttaskcdb value to point at the default fixed-size...

SUSE CVE-2025-68813

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL pointer dereference in fibcomputespecdst when ipv4linkfailure attempts t...

CVE-2026-22857

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irpthreadfunc because the IRP is freed by irp-Complete and then accessed again on the error path. This vulnerability is fixed in 3.20.1...

CVE-2026-22857 FreeRDP has a heap-use-after-free in irp_thread_func

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irpthreadfunc because the IRP is freed by irp-Complete and then accessed again on the error path. This vulnerability is fixed in 3.20.1...

CVE-2026-22857

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irpthreadfunc because the IRP is freed by irp-Complete and then accessed again on the error path. This vulnerability is fixed in 3.20.1...

SUSE CVE-2025-71073

In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbdinterrupt schedules lk-tq via schedulework, and the work handler lkkbdreinit dereferences the lkkbd structure and its serio/inputdev fields. lkkbddisconnect and error...

UBUNTU-CVE-2025-68813

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL pointer dereference in fibcomputespecdst when ipv4linkfailure attempts t...