2031 matches found
UBUNTU-CVE-2025-71069
In the Linux kernel, the following vulnerability has been resolved: f2fs: invalidate dentry cache on failed whiteout creation F2FS can mount filesystems with corrupted directory depth values that get runtime-clamped to MAX_DIR_HASH_DEPTH. When RENAME_WHITEOUT operations are performed on such...
CVE-2025-68813
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_dst() when ipv4_link_failure() attempts t...
CVE-2025-68813 ipvs: fix ipv4 null-ptr-deref in route error path
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_dst() when ipv4_link_failure() attempts t...
CVE-2025-68782 scsi: target: Reset t_task_cdb pointer in error case
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset t_task_cdb pointer in error case If allocation of cmd->t_task_cdb fails, it remains NULL but is later dereferenced in the 'err' path. In case of error, reset NULL t_task_cdb value to point at the default fixed-size...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: i40e: fixed the issue of freeing IRQs in the i40e_vsi_request_irq_msix error path. If request_irq in i40e_vsi_request_irq_msix fails in an iteration later than the first one, the error path attempts to free the IRQs that have been request...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate the first page in the error path of f2fs_truncate The syzbot reports the following bug: loop0: A change in capacity was detected, from 0 to 40427. F2FS-fs loop0: Incorrect SSA boundaries: start at 3584, end a...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: cifs: A memory leak in the smb3_fs_context_parse_param error path has been fixed. Proper cleanup of ctx->source and fc->source was added to the cifs_parse_mount_err error handler. This ensures that the memory allocated for the source...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not setting skb->dev in a routing error path, which could lead to a null pointer dereference...
PT-2026-2545
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.114 Description The Linux kernel contains a flaw within the IPv4 code path in the ip_vs_get_out_rt function. This function can call dst_link_failure without verifying that skb->dev is set, leading to a NULL...
Linux Distros Unpatched Vulnerability : CVE-2025-68813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL...
CVE-2026-22032 Directus has open redirect in SAML
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the RelayState parameter is intended to preserve the user's original...
CVE-2026-21674 iccDEV has a Memory Leak in its CIccProfileXml::ParseTag() Error Path
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path iccFromXml. This issue is fixed in version 2.3.1.1...
SUSE CVE-2025-68754
In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and...
CVE-2025-68754
CVE-2025-68754 affects the Linux kernel rtc driver for amlogic-a4. The issue is a double free caused by manually disabling the clock obtained via devm_clk_get_enabled() in error paths, which conflicts with the devm framework’s automatic clock lifecycle management. The recommended remediation is t...
CVE-2025-68754 rtc: amlogic-a4: fix double free caused by devm
In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and...
Linux Distros Unpatched Vulnerability : CVE-2022-50857
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rapidio: rio: fix possible name leak in rio_register_mport() If device_register() returns error, the name allocated by dev_set_name() need be freed. It should use put_devic...
Linux Distros Unpatched Vulnerability : CVE-2022-50874
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/erdma: Fix refcount leak in erdma_mmap rdma_user_mmap_entry_get() take reference, we should release it when not need anymore, add the missing rdma_user_mmap_entry_put()...
Linux Distros Unpatched Vulnerability : CVE-2023-54175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path The xiic_xfer() function gets a runtime PM reference when the function is entered. This reference is release...
PT-2026-27709
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a use-after-free issue within the crypto/ccp module. Specifically, the error path in the sev_tsm_init_locked function dereferences a pointer t after the...
PT-2026-26578
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.19.0-rc8+ 33 Description The Linux kernel contains a flaw within the macvlan module. Specifically, a race condition exists in the macvlan_common_newlink function's error path, potentially leading to a...