CVE-2026-10638

subsys/net/ip/icmpv6.c reads the network interface from a netpkt after that packet has been handed to nettrysenddata. In icmpv6handleechorequest and neticmpv6senderror, the post-send statistics update calls netpktifacereply/netpktifacepkt on the just-sent packet. The send path nettrysenddata -...

CVE-2026-10637 Use-after-free of net_pkt in IPv6 MLD send path triggerable by a link-local MLD Query

subsys/net/ip/ipv6mld.c:mldsend read the packet interface via netpktifacepkt after netsenddatapkt returned successfully. Per the network stack's ownership contract include/zephyr/net/netcore.h, and the explicit warning in subsys/net/ip/netcore.c:453-460 'do not use pkt after that call', a...

CVE-2025-68755 staging: most: remove broken i2c driver

In the Linux kernel, the following vulnerability has been resolved: staging: most: remove broken i2c driver The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging. Specifically, commit 723de0f9171e "staging: most: remove device from...

EUVD-2022-55728

In the Linux kernel, the following vulnerability has been resolved: ipmi: fix use after free in ipmidestroyuser The intffree function frees the "intf" pointer so we cannot dereference it again on the next line...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninitialized P2P vif pointer, which could lead to a null pointer dereference...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ipmi:msghandler: Fixed potential memory corruption in ipmicreateuser. The “intf” list iterator becomes an invalid pointer if the correct “intf-intfnum” is not found. Calling atomicdec&intf-nrusers with an invalid pointer will lea...

EUVD-2025-36663

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in trytoregistercard In trytoregistercard, the return value of usbifnumtoif is passed directly to usbinterfaceclaimed without a NULL check, which will lead to a NULL pointer dereference...

UBUNTU-CVE-2025-40085

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in trytoregistercard In trytoregistercard, the return value of usbifnumtoif is passed directly to usbinterfaceclaimed without a NULL check, which will lead to a NULL pointer dereference...

CVE-2025-40085

Affected software: Linux kernel (ALSA: usb-audio).Issue: NULL pointer dereference in try_to_register_card when usb_ifnum_to_if() returns NULL and is passed to usb_interface_claimed() without a NULL check.Impact: NULL pointer dereference during creation of an invalid USB audio device (potential cr...

PT-2025-44279

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the ALSA subsystem, specifically within the try to register card function. The function passes the return value of usb ifnum to if directly to usb...

SUSE CVE-2025-38570

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in fbnic in the AFXDP portion of the queues.py test. The UaF is in the skmarknapiidonce call in xskbind, NAPI has been freed. Looks like the device failed to open...

DEBIAN-CVE-2025-38456

In the Linux kernel, the following vulnerability has been resolved: ipmi:msghandler: Fix potential memory corruption in ipmicreateuser The "intf" list iterator is an invalid pointer if the correct "intf-intfnum" is not found. Calling atomicdec&intf-nrusers on and invalid pointer will lead to memo...

PT-2025-8782

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A read-after-free issue was found in the Linux kernel, specifically in the ath12k wifi module. The problem occurs in the ath12k mac assign vif to vdev function when an arvif is created o...

Microsoft Windows COM Local Privilege Escalation Vulnerability(CVE-2017-0213)

Summary: When accessing an OOP COM object using IRemUnknown2 the local unmarshaled proxy can be for a different interface to that requested by QueryInterface resulting in a type confusion which can result in EoP. Description: Querying for an IID on a OOP or remote COM object calls the ORPC method...