spi: fix resource leaks on device setup failure

...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: “ice”: corrected the incorrect fallback logic for FDIR. When adding a FDIR filter, if icevcfdirsetirqctx returns an error, the inserted fdir entry will not be removed. Similarly, if icevcfdirwritefltr returns an error, the fdir...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: sched: clsu32: Undo tcfbindfilter if u32replacehwknode When u32replacehwknode fails, we need to undo the tcf BindFilter operation performed at u32setparms...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: perf/armdmc620: Fixed a leak in the hotplug callback in dmc620pmuinit. The dmc620pmuinit function does not remove the callback added by cpuhpsetupstatemulti when platformdriverregister fails. Remove the callback by calling...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: tpm2-sessions: Fixed out-of-range indexing in namesize. The namesize field does not have any range checks; it simply indexes using TPMALGID. This could lead to memory corruption in extreme cases. The issue is addressed by only...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: regmap: maple: A failure occurs when there is no free entry in the masstoregfp function. The regcachemaplewrite function allocates a new block called “entry” to merge adjacent ranges, and then stores it using masstoregfp. When...

SUSE CVE-2026-43489

In the Linux kernel, the following vulnerability has been resolved: liveupdate: luofile: remember retrieve status LUO keeps track of successful retrieve attempts on a LUO file. It does so to avoid multiple retrievals of the same file. Multiple retrievals cause problems because once the file is...

SUSE CVE-2026-43351

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgicallocateprivateirqslocked fails for any odd reason, we exit kvmvgiccreate early, leaving dist-rdregions uninitialised. kvmvgicdistdestroy then comes along and walk...

SUSE CVE-2026-43128

In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix double dmabufunpin in failure path In ibumemdmabufgetpinnedwithdmadevice, the call to ibumemdmabufmappages can fail. If this occurs, the dmabuf is immediately unpinned but the umemdmabuf-pinned flag is still set...

CVE-2026-43351

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgicallocateprivateirqslocked fails for any odd reason, we exit kvmvgiccreate early, leaving dist-rdregions uninitialised. kvmvgicdistdestroy then comes along and walk...

UBUNTU-CVE-2026-43351

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgicallocateprivateirqslocked fails for any odd reason, we exit kvmvgiccreate early, leaving dist-rdregions uninitialised. kvmvgicdistdestroy then comes along and walk...

CVE-2026-43351

The CVE-2026-43351 issue affects the Linux kernel’s KVM on arm64 when creating a virtual GIC. If vgic_allocate_private_irqs_locked() fails, kvm_vgic_create() can exit before vgic dist regions are initialised, and kvm_vgic_dist_destroy() may then attempt to free uninitialised data, risking a crash...

CVE-2026-43120

In the Linux kernel RDMA/irdma driver, CVE-2026-43120 describes a double-free during rereg_user_mr when IB_MR_REREG_TRANS is set. If the trans reg path fails after allocating a new umem, the code releases it but fails to NULL the iwmr->region, causing ib_umem_release to be invoked again during...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drivers: perf: marvellcn10k: Fixed a leak in the hotplug callback in tadpmuinit. The tadpmuinit function does not remove the callback added by cpuhpsetupstatemulti when platformdriverregister fails. Remove the callback by usin...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: Race conditions between subflow failures and additional subflow creations. We have race conditions similar to those addressed by the previous patch, between subflow failures and additional subflow creations. However, these...

CVE-2026-43012 net/mlx5: Fix switchdev mode rollback in case of failure

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix switchdev mode rollback in case of failure If for some internal reason switchdev mode fails, we rollback to legacy mode, before this patch, rollback will unregister the uplink netdev and leave it unregistered causin...

CVE-2026-31790

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...

CVE-2026-23305 accel/rocket: fix unwinding in error path in rocket_probe

In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocketprobe When rocketcoreinit fails as could be the case with EPROBEDEFER, we need to properly unwind by decrementing the counter we just incremented and if this is the first core we...

CVE-2026-23284

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Reset prog ptr to oldprog in case of error in mtkxdpsetup Reset eBPF program pointer to oldprog and do not decrease its ref-count if mtkopen routine in mtkxdpsetup fails...

CVE-2026-32259 ImageMagick has a possible stack buffer overflow in sixel encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and...