CVE-2026-46210

The CVE-2026-46210 issue affects the Linux kernel Iris media driver. A race between per-instance locks (inst->lock) and the core list lock (core->lock) allows a use-after-free during MBPF checks: MBPF iterates the core list and reads fields like fmt_src->width/height while iris_close() m...

SUSE CVE-2023-54201

In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix wrong resources deallocation order When trying to destroy QP or CQ, we first decrease the refcount and potentially free memory regions allocated for the object and then request the device to destroy the object. If t...

CVE-2025-40314

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget In the cdnspgadgetinit and cdnspgadgetexit functions, the gadget structure pdev-gadget was freed before its endpoints. The endpoints are...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989582)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989582 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Free irq vectors in order for v3 HW If the driver probe fails to request the chann...

UBUNTU-CVE-2025-39997

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in sndusbmidifree The previous commit 0718a78f6a9f "ALSA: usb-audio: Kill timer properly at removal" patched a UAF issue caused by the error timer. However, because the error timer kill...

CVE-2025-38620

The CVE-2025-38620 vulnerability affects the Linux kernel’s zloop (zoned loop) device. It arises from a use-after-free in blk_mq_free_tag_set() during zloop removal: zloop_ctl_remove() frees zlo memory (via zloop_free_disk()) and then accesses zlo->tag_set, which now points to freed memory. Th...

kernel: can: bcm: Fix UAF in bcm_proc_show()

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcmprocshow BUG: KASAN: slab-use-after-free in bcmprocshow+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 230 Hardwar...

DEBIAN-CVE-2022-49118

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Free irq vectors in order for v3 HW If the driver probe fails to request the channel IRQ or fatal IRQ, the driver will free the IRQ vectors before freeing the IRQs in freeirq, and this will cause a kernel BUG like...

SUSE CVE-2024-44932

In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes very rarely, but possible throwing WARNs from net/core/pagepool.c:pagepooldisabledirectrecycling. Turned out idpf frees interrupt vectors with...

DEBIAN-CVE-2024-44932

In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes very rarely, but possible throwing WARNs from net/core/pagepool.c:pagepooldisabledirectrecycling. Turned out idpf frees interrupt vectors with...

DEBIAN-CVE-2024-42108

In the Linux kernel, the following vulnerability has been resolved: net: rswitch: Avoid use-after-free in rswitchpoll The use-after-free is actually in rswitchtxfree, which is inlined in rswitchpoll. Since skb and gq-skbsgq-dirty are in fact the same pointer, the skb is first freed using...