73798 matches found
CVE-2026-43164
CVE-2026-43164 affects the Linux kernel UDP-Lite implementation. The issue is a null-pointer dereference in __udp_enqueue_schedule_skb() triggered during UDP-Lite socket initialization, as reported by syzbot. Post-commit changes allow udp_lib_init_sock(), udp_init_sock(), and udpv6_init_sock() to...
CVE-2026-43162 media: tegra-video: Fix memory leak in __tegra_channel_try_format()
In the Linux kernel, the following vulnerability has been resolved: media: tegra-video: Fix memory leak in tegrachanneltryformat The state object allocated by v4l2subdevstatealloc must be freed with v4l2subdevstatefree when it is no longer needed. In tegrachanneltryformat, two error paths return...
CVE-2026-43162
In the Linux kernel, the media: tegra-video path has a memory leak in __tegra_channel_try_format() caused by failing to free the allocated __v4l2_subdev_state (sd_state) in two error paths after v4l2_subdev_call() failures. The fix introduces a cleanup label and goto-based error handling to ensur...
CVE-2026-43152 HID: hid-pl: handle probe errors
In the Linux kernel, the following vulnerability has been resolved: HID: hid-pl: handle probe errors Errors in init must be reported back or we'll follow a NULL pointer the first time FF is used...
CVE-2026-43151
CVE-2026-43151 : Linux kernel issue resolved by reverting the Iris video driver stop streaming sanity check. The revert re-enabled stop_streaming when the IRIS_INST_ERROR path, correcting prior regressions where buffers were not returned to vb2 and teardown could fail, leaving firmware in an inco...
CVE-2026-43151 Revert "media: iris: Add sanity check for stop streaming"
In the Linux kernel, the following vulnerability has been resolved: Revert "media: iris: Add sanity check for stop streaming" This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4. Revert the check that skipped stopstreaming when the instance was in IRISINSTERROR, as it caused multiple...
CVE-2026-43151
In the Linux kernel, the following vulnerability has been resolved: Revert "media: iris: Add sanity check for stop streaming" This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4. Revert the check that skipped stopstreaming when the instance was in IRISINSTERROR, as it caused multiple...
CVE-2026-43141
In the Linux kernel, the following vulnerability has been resolved: ntb: ntbhwswitchtec: Fix shift-out-of-bounds for 0 mw lut Number of MW LUTs depends on NTB configuration and can be set to zero, in such scenario rounddownpowoftwo will cause undefined behaviour and should not be performed. This...
CVE-2026-43139
The CVE-2026-43139 entry concerns the Linux kernel xfrm6 subsystem. The issue arises in xfrm6_get_saddr() which does not check the return value of ipv6_dev_get_saddr(); when ipv6_dev_get_saddr() fails with -EADDRNOTAVAIL, saddr->in6 remains uninitialized and xfrm6_get_saddr() incorrectly retur...
CVE-2026-43139 xfrm6: fix uninitialized saddr in xfrm6_get_saddr()
In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6getsaddr xfrm6getsaddr does not check the return value of ipv6devgetsaddr. When ipv6devgetsaddr fails to find a suitable source address returns -EADDRNOTAVAIL, saddr-in6 is left uninitialize...
CVE-2026-43135 media: cx23885: Add missing unmap in snd_cx23885_hw_params()
In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Add missing unmap in sndcx23885hwparams In error path, add cx23885alsadmaunmap to release the resource acquired by cx23885alsadmamap...
CVE-2026-43131
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here...
CVE-2025-71272
In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early before registering the device. In these cases, it returned an error code...
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early before registering the device. In these cases, it returned an error code...
CVE-2025-71272
The CVE-2025-71272 entry concerns a Linux kernel resource-leak in most_register_interface(). When initialization fails before device registration, memory for the interface could be leaked. The fix initializes the device early with device_initialize(), calls put_device() on all error paths, and sw...
CVE-2025-71272
In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early before registering the device. In these cases, it returned an error code...
CVE-2025-59853
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...
CVE-2025-59853
Technical details (affected software/versions/root cause/impact) are not publicly provided in the supplied documents; monitor for updates from vendors and authorities.
CVE-2025-59853
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...
CVE-2025-59853 HCL DFXAnalytics is affected by an Improper Error Handling vulnerability
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...