373 matches found
net: openvswitch: fix possible kfree_skb of ERR_PTR
...
EUVD-2026-39896
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/conexant: Fix missing error check for jack detection In cxprobe, the return value of sndhdajackdetectenablecallback is ignored. This function returns a pointer, and if it fails e.g., due to memory allocation failure, it...
CVE-2026-53291
CVE-2026-53291 affects the Linux kernel ALSA hda/conexant driver. The root cause is the ignored return value from snd_hda_jack_detect_enable_callback() in cx_probe(); if the call fails, an error pointer is returned and not checked, potentially leading to a crash when jack events are handled. The ...
CVE-2026-53028
A flaw was found in the Linux kernel's USB Type-C subsystem. This vulnerability occurs when an error pointer for tps-partner is checked but not handled, leading to its subsequent dereference. This unhandled error can cause a system crash, resulting in a Denial of Service DoS for the affected syst...
CVE-2026-53093
A flaw was found in the Linux kernel's Broadcom FullMAC wireless driver brcmfmac. The brcmfchipaddcore function does not properly check for error pointers, leading to a dereference of a possible error pointer. This vulnerability could allow a local attacker to cause a system crash, resulting in a...
CVE-2026-53244 VFS: fix possible failure to unlock in nfsd4_create_file()
In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...
CVE-2026-53227
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible kfreeskb of ERRPTR After the patch in the "Fixes" tag, the allocation of the "reply" skb can happen either before or after locking the ovsmutex. However, error cleanups still follow the classical...
EUVD-2026-39318
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible kfreeskb of ERRPTR After the patch in the "Fixes" tag, the allocation of the "reply" skb can happen either before or after locking the ovsmutex. However, error cleanups still follow the classical...
CVE-2026-53144 drm/amdkfd: fix NULL dereference in get_queue_ids()
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix NULL dereference in getqueueids When usrqueueidarray is NULL and numqueues is non-zero, getqueueids returns NULL. The callers check only ISERR on the return value; since ISERRNULL == false the check passes, and...
Linux Distros Unpatched Vulnerability : CVE-2026-53093
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: brcmfmac: Fix error pointer dereference The function brcmfchipaddcore can return an error pointer and is not checked. Add checks for error pointer. Detect...
PT-2026-52322
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the openvswitch component where the allocation of the reply skb socket buffer may occur either before or after locking the ovs mutex. If the allocation happens after...
Linux Distros Unpatched Vulnerability : CVE-2026-53066
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/sun4i: backend: fix error pointer dereference The function drmatomicgetplanestate can return an error pointer and is not checked for it. Add error pointer...
PT-2026-52270
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ovl iterate merged function where the err variable is assigned the value of PTR ERRcache before verifying if cache is an error using IS ERRcache. When the operatio...
EUVD-2026-38896
In the Linux kernel, the following vulnerability has been resolved: usb: typec: Fix error pointer dereference The variable tps-partner is checked for an error pointer and then if it is, it sends an error message but does not return and then immediately dereferenced a few lines below: tps-partner ...
CVE-2026-53093
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix error pointer dereference The function brcmfchipaddcore can return an error pointer and is not checked. Add checks for error pointer. Detected by Smatch:...
CVE-2026-53066
In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: backend: fix error pointer dereference The function drmatomicgetplanestate can return an error pointer and is not checked for it. Add error pointer check. Detected by Smatch: drivers/gpu/drm/sun4i/sun4ibackend.c:496...
CVE-2026-53028
In the Linux kernel, the following vulnerability has been resolved: usb: typec: Fix error pointer dereference The variable tps-partner is checked for an error pointer and then if it is, it sends an error message but does not return and then immediately dereferenced a few lines below: tps-partner ...
EUVD-2026-38961
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix error pointer dereference The function brcmfchipaddcore can return an error pointer and is not checked. Add checks for error pointer. Detected by Smatch:...
CVE-2026-53093
The CVE-2026-53093 entry concerns the Linux kernel wireless driver brcmfmac (Broadcom). The root cause was an error pointer returned by brcmf_chip_add_core() not being checked during chip recognition, leading to potential dereferencing of an ERR_PTR in brcmf_chip_recognition() at multiple lines. ...
EUVD-2026-38934
In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: backend: fix error pointer dereference The function drmatomicgetplanestate can return an error pointer and is not checked for it. Add error pointer check. Detected by Smatch: drivers/gpu/drm/sun4i/sun4ibackend.c:496...