8664 matches found
EUVD-2026-28780
In the Linux kernel, the following vulnerability has been resolved: fs: init flagsvalid before calling vfsfileattrget syzbot reported a uninit-value bug in 1. Similar to the "get" context where the kernel's internal filekattr structure is initialized before calling vfsfileattrget, we should use t...
EUVD-2026-28747
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...
EUVD-2026-28714
In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following cephmdscfreepathinfo may crash. Example crash on Linux 6.18.12:...
EUVD-2026-28657
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgicallocateprivateirqslocked fails for any odd reason, we exit kvmvgiccreate early, leaving dist-rdregions uninitialised. kvmvgicdistdestroy then comes along and walk...
EUVD-2026-28612
In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: fix double free in cpufreqdbsgovernorinit error path When kobjectinitandadd fails, cpufreqdbsgovernorinit calls kobjectput&dbsdata-attrset.kobj. The kobject release callback cpufreqdbsdatarelease calls...
EUVD-2026-28582
In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Initialize subdev before controls In ov5647initcontrols we call v4l2getsubdevdata, but it is initialized by v4l2i2csubdevinit in the probe, which currently happens after initcontrols. This can result in a...
EUVD-2026-28558
In the Linux kernel, the following vulnerability has been resolved: ext4: move ext4percpuparaminit before ext4mbinit When running kvm-xfstests -c ext4/1k -C 1 generic/383 with the DOUBLECHECK macro defined, the following panic is triggered:...
CVE-2026-43430
In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submitted. Otherwise there is a window during which...
CVE-2026-43408
In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following cephmdscfreepathinfo may crash. Example crash on Linux 6.18.12:...
CVE-2026-43395
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xesyncentryparse can allocate references syncobj, fence, chain fence, or user fence before hitting a later failure path. Several of those paths returned directly,...
CVE-2026-43369
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpudevicefinihw, the code calls...
CVE-2026-43356
In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...
CVE-2026-43351
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgicallocateprivateirqslocked fails for any odd reason, we exit kvmvgiccreate early, leaving dist-rdregions uninitialised. kvmvgicdistdestroy then comes along and walk...
UBUNTU-CVE-2026-43408
In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following cephmdscfreepathinfo may crash. Example crash on Linux 6.18.12:...
UBUNTU-CVE-2026-43351
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgicallocateprivateirqslocked fails for any odd reason, we exit kvmvgiccreate early, leaving dist-rdregions uninitialised. kvmvgicdistdestroy then comes along and walk...
CVE-2026-43351
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgicallocateprivateirqslocked fails for any odd reason, we exit kvmvgiccreate early, leaving dist-rdregions uninitialised. kvmvgicdistdestroy then comes along and walk...
CVE-2026-43408
In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following cephmdscfreepathinfo may crash. Example crash on Linux 6.18.12:...
UBUNTU-CVE-2026-43369
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpudevicefinihw, the code calls...
CVE-2026-43395
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xesyncentryparse can allocate references syncobj, fence, chain fence, or user fence before hitting a later failure path. Several of those paths returned directly,...
UBUNTU-CVE-2026-43441
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...