148 matches found
agp/amd64: Fix broken error propagation in agp_amd64_probe()
...
UBUNTU-CVE-2026-53325
In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agpamd64probe A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment e.g. qemu/kvm without a physical AMD northbridge. The crash occurs...
CVE-2026-53325
In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agpamd64probe A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment e.g. qemu/kvm without a physical AMD northbridge. The crash occurs...
SUSE CVE-2026-52989
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...
UBUNTU-CVE-2026-53233
In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...
CVE-2026-53233
CVE-2026-53233 concerns the Linux kernel: a double-free in netdev_nl_bind_rx_doit() linked to how genlmsg_reply() consumes the skb. The error path calls nlmsg_free(rsp) and the code should not unbind; instead the error is propagated to the user. This aligns with the description that such issues s...
EUVD-2026-39324
In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...
CVE-2026-53171 accel/ethosu: fix arithmetic issues in dma_length()
In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dmalength dmalength derives DMA region usage from command stream values and updates regionsize: len = len + stride0 size0 + stride1 size1 regionsizeregion = max..., len + dma-offset Several...
CVE-2026-53171
The CVE affects the Linux kernel’s accel/ethosu driver. The dma_length() function can under- or overflow while deriving DMA region usage, causing region_size[] to be under-reported and potentially bypassing bounds checks in ethosu_job.c. The issue arises from arithmetic in len calculations, signe...
CVE-2026-52989 nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...
CVE-2026-52989
CVE-2026-52989 affects the Linux kernel nvmet-tcp component. The root cause is that nvmet_tcp_build_pdu_iovec() detects out-of-bounds PDU length/offset but does not propagate the error to callers; it returns void and triggers nvmet_tcp_fatal_error(cmd->queue) without alerting the caller, leavi...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: efivarfs: fixed error propagation in efivarentryget The efivarentryget function always returns success, even if the underlying efivarentryget function fails, thereby masking errors. This may result in uninitialized heap memory...
EUVD-2026-32223
In the Linux kernel, the following vulnerability has been resolved: gpib: Fix memory leak in niusbinit In niusbinit, if niusbsetupinit fails, the function returns -EFAULT without freeing the allocated writes buffer, leading to a memory leak. Additionally, niusbsetupinit returns 0 on failure, whic...
CVE-2025-15649
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...
PT-2026-43806
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the ni usb init function. When ni usb setup init fails, the system returns an -EFAULT error without freeing the allocated writes buffer. Furthermore, ni usb setup...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: schedext: The crash that occurred during the creation of helper kthreads due to scxenable has been fixed. A crash was observed when the schedext selftest runner was terminated with Ctrl+\ while test 15 was running: NIP...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: qlcnic: Prevent “dbc use-after-free” in qlcnicdcbenable. The adapter-dcb pointer would be silently freed within qlcnicdcbenable if qlcnicdcbattach returns an error—a situation that always occurs under OOM conditions. This could...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: cifs: Return the correct error code from smb2getenckey Avoid a warning if the error is passed back up: 440700.376476 CIFS VFS: \otters.example.com cryptmessage: Could not get encryption key 440700.386947 ------------ Cut here...
CVE-2026-43357
In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pmruntime error handling The return value of pmruntimegetsync is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also unconditionally incremented...
CVE-2026-43348
In the Linux kernel, the following vulnerability has been resolved: mshvvtl: Fix vmemmapshift exceeding MAXFOLIOORDER When registering VTL0 memory via MSHVADDVTL0MEMORY, the kernel computes pgmap-vmemmapshift as the number of trailing zeros in the OR of startpfn and lastpfn, intending to use the...