60 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dax: Fixed the issue where daxmappingrelease was called after the object was freed. A test using CONFIGDEBUGKOBJECTRELEASE to remove a device-related dax region e.g., using modprobe -r daxhmem results in the following output:...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Using the kobject release method to free dbsdata The struct dbsdata contains a struct govattrset, and the struct govattrset contains a kobject. Since every kobject must have a release method, and we cannot...
SUSE CVE-2026-46164
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in createspaceinfosubgroup error path When kobjectinitandadd fails, the call chain is: createspaceinfosubgroup - btrfssysfsaddspaceinfotype - kobjectinitandadd - failure - kobjectput&subgroup-kobj -...
CVE-2026-46164
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in createspaceinfosubgroup error path When kobjectinitandadd fails, the call chain is: createspaceinfosubgroup - btrfssysfsaddspaceinfotype - kobjectinitandadd - failure - kobjectput&subgroup-kobj -...
EUVD-2026-32791
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in createspaceinfosubgroup error path When kobjectinitandadd fails, the call chain is: createspaceinfosubgroup - btrfssysfsaddspaceinfotype - kobjectinitandadd - failure - kobjectput&subgroup-kobj -...
CVE-2026-46129 btrfs: fix double free in create_space_info() error path
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in createspaceinfo error path When kobjectinitandadd fails, the call chain is: createspaceinfo - btrfssysfsaddspaceinfotype - kobjectinitandadd - failure - kobjectput&spaceinfo-kobj - spaceinforelease -...
CVE-2026-46129
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in createspaceinfo error path When kobjectinitandadd fails, the call chain is: createspaceinfo - btrfssysfsaddspaceinfotype - kobjectinitandadd - failure - kobjectputinfo-kobj - spaceinforelease -...
PT-2026-44287
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the Linux kernel within the create space info sub group function. When kobject init and add fails, the execution flow triggers kobject put&sub group-kobj,...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Firmware: dmi-sysfs: Fixed the null-ptr-deref issue in dmisysfsregisterhandle. KASAN reported a null-ptr-deref error: KASAN: null-ptr-deref in the range 0x0000000000000008-0x000000000000000f CPU: 0 PID: 1373 Comm: modprobe Hardwa...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: EDAC/mc: Fixed the error path ordering in edacmcalloc. When the mci-pvtinfo allocation in edacmcalloc fails, the error path will call putdevice, which will ultimately call the device’s release function. However, the...
UBUNTU-CVE-2026-43328
In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: fix double free in cpufreqdbsgovernorinit error path When kobjectinitandadd fails, cpufreqdbsgovernorinit calls kobjectput&dbsdata-attrset.kobj. The kobject release callback cpufreqdbsdatarelease calls...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cpufreq: schedutil: Use kobject release method to free sugovtunables The struct sugovtunables is protected by the kobject, so we cannot free it directly. Otherwise, we would receive a call trace like this: ODEBUG: free active...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005020)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005020 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release method to free dbsdata The struct dbsdata embeds a struct...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005170)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005170 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmode should keep reference to parent The altmode device release refers to its pare...
SUSE CVE-2025-71152
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
AZL-77319 CVE-2025-71152 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
UBUNTU-CVE-2025-71152
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
CVE-2025-71152
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
CVE-2025-71152 net: dsa: properly keep track of conduit reference
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993196)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993196 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'addwidgetnode' As 'kobjectadd' may allocated memory for...