CVE-2026-46264

The CVE-2026-46264 entry concerns the Linux kernel component drm/xe/pf, where a cleanup action registered via devm_add_action_or_reset() could run on an uninitialized kobject. This caused use-after-free and kobject_put() errors during sysfs initialization, including underflow of refcount_t. The r...

CVE-2026-46264

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devmaddactionorreset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e0: i...

EUVD-2026-34126

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devmaddactionorreset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e0: i...

CVE-2026-46264 drm/xe/pf: Fix sysfs initialization

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devmaddactionorreset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e0: i...

PT-2026-46027

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devm add action or reset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e...

EUVD-2022-55681

Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...

SUSE CVE-2022-50473

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobjectinitandadd In cpufreqpolicyalloc, it will call uninitialed completion in cpufreqsysfsrelease when kobjectinitandadd fails. And that will cause a crash such as the following page fault in...

CVE-2022-50473

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobjectinitandadd In cpufreqpolicyalloc, it will call uninitialed completion in cpufreqsysfsrelease when kobjectinitandadd fails. And that will cause a crash such as the following page fault in...

CVE-2022-50473 cpufreq: Init completion before kobject_init_and_add()

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobjectinitandadd In cpufreqpolicyalloc, it will call uninitialed completion in cpufreqsysfsrelease when kobjectinitandadd fails. And that will cause a crash such as the following page fault in...

CVE-2022-50473

CVE-2022-50473 affects the Linux kernel cpufreq subsystem. The root cause is calling an uninitialized completion in cpufreq_sysfs_release() when kobject_init_and_add() fails, occurring in cpufreq_policy_alloc(). This can lead to a crash (page fault) on a local system via complete+0x98, with Call ...

PT-2025-40660

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the cpufreq subsystem. Specifically, in cpufreq policy alloc, an uninitialized completion is called within cpufreq sysfs release when kobject...

CVE-2022-49370 firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle

In the Linux kernel, the following vulnerability has been resolved: firmware: dmi-sysfs: Fix memory leak in dmisysfsregisterhandle kobjectinitandadd takes reference even when it fails. According to the doc of kobjectinitandadd If this function returns an error, kobjectput must be called to proper...

CVE-2022-49370

The CVE-2022-49370 issue affects the Linux kernel component handling firmware dmi-sysfs, where a memory leak occurs due to improper cleanup in dmi_sysfs_register_handle when kobject_init_and_add() returns an error. The documented fix is to call kobject_put() to release memory in that failure path...

SUSE CVE-2021-47550

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix potential memleak In function amdgpugetxgmihive, when kobjectinitandadd failed There is a potential memleak if not call kobjectput...