EUVD-2026-38910

In the Linux kernel, the following vulnerability has been resolved: fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal CXL is linked before fwctl in drivers/Makefile. Both use moduleinit, so cxlpcidriverinit runs first. When cxlpciprobe calls fwctlregister and then...

CVE-2026-53042

In CVE-2026-53042, the Linux kernel vulnerability stems from an initialization order: CXL is linked before fwctl in drivers/Makefile, causing fwctl_register to run before fwctl_init, so fwctl_class isn’t registered when device_add is called. This makes class_to_subsys() return NULL, skipping knod...

EUVD-2024-55616

Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...

CVE-2026-43312

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Initialize subdev before controls In ov5647initcontrols we call v4l2getsubdevdata, but it is initialized by v4l2i2csubdevinit in the probe, which currently happens after initcontrols. This can result in a...

CVE-2026-43312

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Initialize subdev before controls In ov5647initcontrols we call v4l2getsubdevdata, but it is initialized by v4l2i2csubdevinit in the probe, which currently happens after initcontrols. This can result in a...

CVE-2026-43288

In the Linux kernel, the following vulnerability has been resolved: ext4: move ext4percpuparaminit before ext4mbinit When running kvm-xfstests -c ext4/1k -C 1 generic/383 with the DOUBLECHECK macro defined, the following panic is triggered:...

Linux Distros Unpatched Vulnerability : CVE-2026-31669

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability...

CVE-2026-31669

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...

CVE-2026-23146

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciuart: fix null-ptr-deref in hciuartwritework hciuartsetproto sets HCIUARTPROTOINIT before calling hciuartregisterdev, which calls proto-open to initialize hu-priv. However, if a TTY write wakeup occurs during this...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004875)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004875 advisory. In the Linux kernel, the following vulnerability has been resolved: kcm: fix strpinit order and cleanup strpinit is called just a few lines above this csk-skuserdata...

CVE-2025-40338

CVE-2025-40338 is a Linux kernel vulnerability in ASoC: Intel avs where sharing the component name pointer could cause use-after-free during teardown. The fix duplicates the component name to prevent lifetime issues and updates the initialization/teardown order (noting that the config may pass a ...

CVE-2025-40338 ASoC: Intel: avs: Do not share the name pointer between components

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, update the order of...

Siemens SIMATIC Devices Use of Uninitialized Resource (CVE-2025-21862)

dropmonitor: incorrect initialization order. If dropmonitor is built as a kernel module, syzkaller may have time to send a netlink NETDMCMDSTART message during the module loading. This will call the netdmmonitorstart function that uses a spinlock that has not yet been initialized. This plugin onl...

EUVD-2022-55239

Malicious code in bioql PyPI...

CVE-2025-38582

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsvqp rsvqp may be double destroyed in error flow, first in freemrinit, and then in hnsroceexit. Fix it by moving the freemrinit call into hnsrocev2init. listdel corruption, ffff589732eb9b50-ne...

UBUNTU-CVE-2022-49957

In the Linux kernel, the following vulnerability has been resolved: kcm: fix strpinit order and cleanup strpinit is called just a few lines above this csk-skuserdata check, it also initializes strp-work etc., therefore, it is unnecessary to call strpdone to cancel the freshly initialized work. An...

AZL-58502 CVE-2025-21862 affecting package kernel for versions less than 6.6.82.1-1

In the Linux kernel, the following vulnerability has been resolved: dropmonitor: fix incorrect initialization order Syzkaller reports the following bug: BUG: spinlock bad magic on CPU1, syz-executor.0/7995 lock: 0xffff88805303f3e0, .magic: 00000000, .owner: /-1, .ownercpu: 0 CPU: 1 PID: 7995 Comm...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fixed a potential null-ptr-deref in ip6tablenattableinit. ip6tablenattableinit accesses net-gen-ptrip6tablenatnetops.id, but this function is exposed to user space before the entry is allocated via...

UBUNTU-CVE-2024-53221

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fssubmitpagebio There's issue as follows when concurrently installing the f2fs.ko module and mounting the f2fs file system: KASAN: null-ptr-deref in range 0x0000000000000020-0x0000000000000027 RIP:...

UBUNTU-CVE-2023-52763

In the Linux kernel, the following vulnerability has been resolved: i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DATdata. The i3cmasterbusinit function may attach the I2C devices before the I3C bus initialization. In this flow, the DAT allocentry will be used before the DAT init...