Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed the vport QoS cleanup process when an error occurs. When enabling vport QoS fails, the scheduling node never gets freed, resulting in a leak. The missing fields were added, and the vport scheduling node pointer wa...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: comedi: A memory leak has been fixed in compatinsnlist. compatinsnlist handles the 32-bit version of the COMEDIINSNLIST ioctl function when CONFIGCOMPAT is enabled. It allocates memory to temporarily hold an array of struct...

SUSE CVE-2026-45922

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in GETDATADIRECTSYSFSPATH handler The UVERBSHANDLERMLX5IBMETHODGETDATADIRECTSYSFSPATH function allocates memory for the device path using kobjectgetpath. If the length of the device path exceeds the...

SUSE CVE-2026-46067

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

CVE-2026-45928

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix memory leak on codecinfo allocation failure In wave5vpuopenenc and wave5vpuopendec, a vpu instance is allocated via kzalloc. If the subsequent allocation for inst-codecinfo fails, the functions retu...

CVE-2026-46067

CVE-2026-46067 affects the Linux kernel DAMON core. The issue arises because the code path in mm/damon/core validates the node-datas used by NODE-DATA() relies on damos_quota_goal->nid but does not validate its value, allowing an arbitrary nid to be supplied for node_memcg_{used,free}_bp. This...

EUVD-2026-32449

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

CVE-2026-45863

The CVE-2026-45863 entry documents a Linux kernel memory-leak bug in i3c: dw through dw_i3c_master_i2c_xfers(). The function allocates an xfer via dw_i3c_master_alloc_xfer(), but if pm_runtime_resume_and_get() fails it previously returned without freeing the allocated xfer. The fix adds a call to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: zloop: fixed the KASAN use-after-free of tagset When a zoned loop device, or zloop device, is removed, the KASAN-enabled kernel reports “BUG KASAN use-after-free” in the blkmqfreetagset function. This bug occurs because...

CLSA-2026-1778798046 binutils: Fix of CVE-2022-48065

CVE-2022-48065: Fix memory leak in function findabstractinstance in dwarf2.c and free allocated memory...

CVE-2026-43462

CVE-2026-43462 affects the Linux kernel spacemit network driver. An error in the function emac_tx_mem_map() could leak DMA mappings on a mapping failure. This resource mismanagement may lead to a denial of service, impacting system availability. The published fix frees the leaked DMA mappings usi...

CVE-2026-43457

In the Linux kernel, the following vulnerability has been resolved: mctp: i2c: fix skb memory leak in receive path When 'midev-allowrx' is false, the newly allocated skb isn't consumed by netifrx, it needs to free the skb directly...

EUVD-2026-28419

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

CVE-2026-33811

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

CVE-2026-33811 Crash when handling long CNAME response in net

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

CVE-2026-33811

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

SUSE CVE-2026-43104

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix a memory leak in hang state error path When vc4savehangstate encounters an early return condition, it returns without freeing the previously allocated kernelstate, leaking memory. Add the missing kfree calls by...

CVE-2026-43162 media: tegra-video: Fix memory leak in __tegra_channel_try_format()

In the Linux kernel, the following vulnerability has been resolved: media: tegra-video: Fix memory leak in tegrachanneltryformat The state object allocated by v4l2subdevstatealloc must be freed with v4l2subdevstatefree when it is no longer needed. In tegrachanneltryformat, two error paths return...

CVE-2026-43104 drm/vc4: Fix a memory leak in hang state error path

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix a memory leak in hang state error path When vc4savehangstate encounters an early return condition, it returns without freeing the previously allocated kernelstate, leaking memory. Add the missing kfree calls by...

CVE-2026-31609

In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbdfreesendio after smbdsendbatchflush smbdsendbatchflush already calls smbdfreesendio, so we should not call it again after smbdpostsend moved it to the batch list...