Lucene search

73826 matches found

ATTACKERKB
added 2026/05/01 2:14 p.m., 3 views

CVE-2026-31732

In the Linux kernel, the following vulnerability has been resolved: gpio: Fix resource leaks on errors in gpiochip_add_data_with_key(). Since commit aab5c6f20023 ("gpio: set device type for GPIO chips"), gdev->dev.release is unset. As a result, the reference count to gdev->dev isn't dropped on the error...

5.7 AI score, 0.00121 EPSS
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2026/05/01 2:14 p.m., 13 views

CVE-2026-31732

Summary (fact-grounded): CVE-2026-31732 affects the Linux kernel GPIO subsystem, where an unset gdev->dev.release led to resource leaks on error paths in gpiochip_add_data_with_key(). The fix drops the reference on errors and reorders error handling to prevent double-free, with the change desc...

5.5 CVSS, 5.8 AI score, 0.00121 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/05/01 2:14 p.m., 29 views

CVE-2026-31732 gpio: Fix resource leaks on errors in gpiochip_add_data_with_key()

In the Linux kernel, the following vulnerability has been resolved: gpio: Fix resource leaks on errors in gpiochip_add_data_with_key(). Since commit aab5c6f20023 ("gpio: set device type for GPIO chips"), gdev->dev.release is unset. As a result, the reference count to gdev->dev isn't dropped on the error...

0.00121 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/05/01 2:14 p.m., 2 views

CVE-2026-31730

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx->remote_heap. fastrpc_init_create_static_process() may free cctx->remote_heap on the err_map path but does not clear the pointer. Later, fastrpc_rpmsg_remove() frees cctx->remote_heap again if it is...

5.8 AI score, 0.00129 EPSS
Exploits: 0, References: 6, Affected Software: 1
Cvelist
added 2026/05/01 2:14 p.m., 32 views

CVE-2026-31730 misc: fastrpc: possible double-free of cctx->remote_heap

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx->remote_heap. fastrpc_init_create_static_process() may free cctx->remote_heap on the err_map path but does not clear the pointer. Later, fastrpc_rpmsg_remove() frees cctx->remote_heap again if it is...

7.8 CVSS, 0.00129 EPSS
Exploits: 0, References: 5
EUVD
added 2026/05/01 2:14 p.m., 8 views

EUVD-2026-26543

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx->remote_heap. fastrpc_init_create_static_process() may free cctx->remote_heap on the err_map path but does not clear the pointer. Later, fastrpc_rpmsg_remove() frees cctx->remote_heap again if it is...

5.8 AI score, 0.00129 EPSS
Exploits: 0, References: 5
CVE
added 2026/05/01 2:14 p.m., 14 views

CVE-2026-31730

CVE-2026-31730 affects the Linux kernel fastrpc component, where a double-free of cctx->remote_heap could occur if INIT_CREATE_STATIC ioctl hits an error path and the rpmsg device is removed. The root cause is that fastrpc_init_create_static_process() frees cctx->remote_heap on the err_map ...

7.8 CVSS, 5.8 AI score, 0.00129 EPSS
Exploits: 0, References: 5, Affected Software: 1
EUVD
added 2026/05/01 1:56 p.m., 10 views

EUVD-2026-26528

In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification. krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this...

5.7 AI score, 0.00294 EPSS
Exploits: 0, References: 3
OSV
added 2026/05/01 9:6 a.m., 14 views

CLSA-2026-1777626401 python3: Fix of 3 CVEs

- CVE-2026-6100: clear dangling next_in pointer on MemoryError in bz2/lzma decompressors to avoid use-after-free on instance reuse
- CVE-2026-4786: validate the post-substitution URL in webbrowser UnixBrowser.open so that "%action" cannot smuggle a dash-prefixed flag past the CVE-2026-4519...

9.1 CVSS, 6 AI score, 0.00517 EPSS
Exploits: 0, References: 1
Microsoft CVE
added 2026/05/01 8:1 a.m., 8 views

net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption

...

9.8 CVSS, 5.8 AI score, 0.00263 EPSS
Exploits: 0
SUSE CVE
added 2026/05/01 2:11 a.m., 8 views

SUSE CVE-2026-7111

Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks, for example after_parse, before_print, or...

8.4 CVSS, 5.6 AI score, 0.00158 EPSS
Exploits: 0, References: 5
Positive Technologies
added 2026/05/01 12:0 a.m., 7 views

PT-2026-36471

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The tcm_loop target reset function violates the SCSI Error Handler (EH) contract by returning success without draining in-flight commands. This allows the SCSI EH to reuse scsi_cmnd...

5.5 CVSS, 6 AI score, 0.00114 EPSS
Exploits: 0, References: 313
ATTACKERKB
added 2026/05/01 12:0 a.m., 1 view

CVE-2025-69606

A Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

6.1 CVSS, 5.9 AI score, 0.00354 EPSS
Exploits: 1, References: 4
CNNVD
added 2026/05/01 12:0 a.m., 9 views

Open Cascade OCCT Buffer Error Vulnerability

Open Cascade OCCT is a 3D modeling and geometry computation kernel from the French company Open Cascade. A buffer error vulnerability exists in Open Cascade OCCT version V800rc5, which stems from two heap-based out-of-bounds reads in the RWStlReader::ReadAscii function in the STL ASCII file parse...

7.1 CVSS, 6 AI score, 0.00106 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/05/01 12:0 a.m., 6 views

PT-2026-36369

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the sched_ext component where the is_bpf_migration_disabled() function produces a false negative on systems where CONFIG_PREEMPT_RCU is disabled. This occurs because the...

5.5 CVSS, 5.8 AI score, 0.00121 EPSS
Exploits: 0, References: 5
Cvelist
added 2026/05/01 12:0 a.m., 29 views

CVE-2025-69606

A Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

0.00354 EPSS
Exploits: 1, References: 3
Cvelist
added 2026/05/01 12:0 a.m., 27 views

CVE-2026-42483

A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects module_hash_decode in multiple Kerberos-related modules because account_info_len is...

0.00304 EPSS
Exploits: 1, References: 1
CNNVD
added 2026/05/01 12:0 a.m., 8 views

Automotive Grade Linux app-framework-binder Access Control Error Vulnerability

Automotive Grade Linux app-framework-binder is an application framework communication component from Automotive Grade Linux, Inc. An Access Control Error vulnerability exists in Automotive Grade Linux app-framework-binder version 19.90.0 and earlier, which stems from a lack of authentication on...

7.8 CVSS, 5.9 AI score, 0.00123 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/01 12:0 a.m., 7 views

Oracle Linux Buffer Error Vulnerability

Oracle Linux is an open and complete operating environment from Oracle Corporation that provides virtualization, management and cloud-native computing tools, and operating systems. A buffer error vulnerability exists in Oracle Linux that stems from the ELF parser failing to perform bounds checkin...

4.4 CVSS, 5.9 AI score, 0.00108 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/01 12:0 a.m., 6 views

Imagination Graphics DDK Resource Management Error Vulnerability

Imagination Graphics DDK is a suite of GPU driver tools from Imagination UK. The Imagination Graphics DDK suffers from a Resource Management Error vulnerability that originates when WebGPU content is loaded into the GPU GLES rendering process, triggering a write-release-after-reuse crash, which...

8.1 CVSS, 5.8 AI score, 0.00346 EPSS
Exploits: 0, References: 1