375 matches found
CVE-2026-23339
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on ncitransceive early error paths ncitransceive takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCIDATAEXCHAN...
CVE-2026-23339
CVE-2026-23339 is resolved in the Linux kernel through fixes around NFC/NCI skb handling (nci_transceive error paths releasing skb) as cited by multiple OSV entries and kernel patches. Connected advisories show Root: Debian/Ubuntu/Mageia patches for rootio-linux, with multiple fixed versions (e.g...
SUSE CVE-2025-71268
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction, we return from cowfilerangeinline without freeing the reserved qgroup data, resulting in a leak. Fi...
CVE-2025-71268
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction, we return from cowfilerangeinline without freeing the reserved qgroup data, resulting in a leak. Fi...
UBUNTU-CVE-2025-71268
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction, we return from cowfilerangeinline without freeing the reserved qgroup data, resulting in a leak. Fi...
CVE-2025-71268 btrfs: fix reservation leak in some error paths when inserting inline extent
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction, we return from cowfilerangeinline without freeing the reserved qgroup data, resulting in a leak. Fi...
CVE-2025-71268
The CVE-2025-71268 issue is a Linux kernel vulnerability in btrfs where a reservation leak can occur on some error paths when inserting an inline extent. The root cause is that __cow_file_range_inline() may exit without freeing reserved qgroup data if allocation of a path or join of a transaction...
CVE-2026-31888 Shopware has user enumeration via distinct error codes on Store API login endpoint
Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown...
kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies
A flaw was found in the kernel subsystem handling of the DRM scheduler. Under certain error conditions, the function drmschedjobadddependency consumes a fence reference and then later erroneously attempts to free it again double free. This may lead to memory corruption and, in some configurations...
CVE-2026-25796
CVE-2026-25796 affects ImageMagick: the ReadSTEGANOImage() function (coders/stegano.c) fails to free the watermark object on three early-return paths, causing a definite memory leak (~13.5 KB per invocation) that can be exploited for denial of service. The issue is mitigated by patches in version...
ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths
...
CVE-2025-12343
A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnnbackendtf.c source file. The issue occurs in the dnnexecutemodeltf function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free conditio...
CVE-2025-12343
A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnnbackendtf.c source file. The issue occurs in the dnnexecutemodeltf function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free conditio...
CVE-2026-23220
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by nextsmb2rcvhdroff reset in error paths The problem occurs when a signed request fails smb2 signature verification check. In processrequest, if checksignreq returns an error, setsmb2rspstatuswork...
CVE-2026-23220
CVE-2026-23220 – Linux kernel ksmbd infinite loop fix : In ksmbd, when a signed SMB2 request fails verification, __process_request() triggers an error path that calls set_smb2_rsp_status() and resets next_smb2_rcv_hdr_off to zero. This loses the pointer to the next command in the chain, so is_cha...
CVE-2026-23132
CVE-2026-23132 : Linux kernel vulnerability in the dw-dp bridge (drm/bridge: synopsys: dw-dp) resolved. The issue concerned error handling in dw_dp_bind(), with three problems: (1) Missing return after drm_bridge_attach() failure, causing continued execution; (2) Resource leak where drm_dp_aux_un...
kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies
A flaw was found in the kernel subsystem handling of the DRM scheduler. Under certain error conditions, the function drmschedjobadddependency consumes a fence reference and then later erroneously attempts to free it again double free. This may lead to memory corruption and, in some configurations...
SUSE CVE-2026-23091
In the Linux kernel, the following vulnerability has been resolved: intelth: fix device leak on output open Make sure to drop the reference taken when looking up the th device during output device open on errors and on close. Note that a recent commit fixed the leak in a couple of open error path...
CVE-2026-23079
In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Fix resource leaks on errors in lineinfochangednotify On error handling paths, lineinfochangednotify doesn't free the allocated resources which results leaks. Fix it...
CVE-2026-23091
In the Linux kernel, the following vulnerability has been resolved: intelth: fix device leak on output open Make sure to drop the reference taken when looking up the th device during output device open on errors and on close. Note that a recent commit fixed the leak in a couple of open error path...