EUVD-2026-21216

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

UBUNTU-CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

PT-2025-49062

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.15.8 Description The Linux kernel contains a flaw in the btrfs subsystem where btrfs check leaked roots may access a NULL pointer if fs info-super copy or fs info-super for commit allocation fails during btrfs...

CVE-2023-53649

CVE-2023-53649 concerns a memory-leak in the Linux kernel related to perf trace. The described fix corrects how the evsel->priv area is freed: previously, freeing occurred only when evsel->tp_format->system compared to 'syscalls' yielded zero, but evsel->priv could be non-zero in othe...

CVE-2022-50287 drm/i915/bios: fix a memory leak in generate_lfp_data_ptrs

In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: fix a memory leak in generatelfpdataptrs When size != 0 || ptrs-lvds entries != 3, the program tries to free the ptrs. However, the ptrs is not created by calling kzmalloc, but is obtained by pointer offset...

RUSTSEC-2025-0064 soundness issue and unmaintained

wrenrust::macros::defaultrealloc lacks sufficient checks to it pointer parameter which passed into free and realloc wrenrust is unmaintained...

PT-2025-18518 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the tracing read pipe function. The kmemleak tool reports an unreferenced object, indicating a memory leaka...

wifi: cfg80211: clear wdev->cqm_config pointer on free

...

AZL-52969 CVE-2024-49885 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: mm, slub: avoid zeroing kmalloc redzone Since commit 946fa0dbf2d8 "mm/slub: extend redzone check to extra allocated kmalloc space than requested", setting origsize treats the wasted space objectsize - origsize as a redzone. Howev...

DEBIAN-CVE-2024-46790

In the Linux kernel, the following vulnerability has been resolved: codetag: debug: mark codetags for poisoned page as empty When PGhwpoison pages are freed they are treated differently in freepagesprepare and instead of being released they are isolated. Page allocation tag counters are decrement...

UBUNTU-CVE-2021-47453

In the Linux kernel, the following vulnerability has been resolved: ice: Avoid crash from unnecessary IDA free In the remove path, there is an attempt to free the auxidx IDA whether it was allocated or not. This can potentially cause a crash when unloading the driver on systems that do not...

UBUNTU-CVE-2021-47013

In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emacmactxbufsend In emacmactxbufsend, it calls emactxfilltpd..,skb,... If some error happens in emactxfilltpd, the skb will be freed via devkfreeskbskb in error branch of emactxfilltpd...

SUSE CVE-2006-5754

The aiosetupring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service crash via an unspecified error path that causes an incorrect free operation...

SUSE CVE-2021-3682

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk...

SUSE CVE-2021-44733

A use-after-free exists in drivers/tee/teeshm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in teeshmgetfromid during an attempt to free a shared memory object...

UBUNTU-CVE-2022-2588

It was discovered that the clsroute filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0...

QEMU: usbredir: free() call on invalid pointer in bufp_alloc()

A flaw was found in the USB redirector device emulation of QEMU. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk metadata, resulting in a crash ...

UBUNTU-CVE-2019-20006

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmlcharcontent puts a pointer to the internal address of a larger block as xml-txt. This is later deallocated using free, leading to a segmentation fault...

CVE-2019-19480

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in scpkcs15decodeprkdfentry...