992 matches found
CVE-2026-64155
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix error path leaks in some WMI WOW calls Fix two instances where we used to directly return the result of ath11kwmicmdsend.... Because we did not check the return value, we also did not free the skb in the error...
CVE-2026-64144
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: fix urb-setuppacket leak in error paths The setuppacket of control urb is not freed if usbsubmiturb fails or the submitted urb is killed. Add free in these two paths...
CVE-2026-63965 iio: pressure: bmp280: fix stack leak in bmp580 trigger handler
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: bmp280: fix stack leak in bmp580 trigger handler bmp580triggerhandler declares its scan buffer on the stack without an initializer and then memcpys 3 bytes of 24-bit sensor data into each 4-byte le32 field. The hig...
CVE-2026-53397
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix posixacl leak on SETACL decode failure nfsaclsvcdecodesetaclargs and nfs3svcdecodesetaclargs each call nfsstreamdecodeacl twice, first for NFSACL and then for NFSDFACL. Each successful call transfers ownership of a...
PT-2026-61337
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix dma vecs leak on p2p memory We don't unmap P2P memory, so we don't need to track it. The dma vec allocation was getting leaked on the completion...
PT-2026-61501
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: call missing mem cgroup iter break damon sysfs memcg path to id breaks mem cgroup iter loop without calling mem cgroup iter break. This leaks the cgroup reference. Fix the issue by calling mem cgroup iter...
CVE-2026-53345
In the Linux kernel, the following vulnerability has been resolved: KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying When marking a page dirty, complain about not having a running/loaded vCPU if and only if the VM is still alive, i.e. its refcount is non-zero. This will...
EUVD-2026-40979
In the Linux kernel, the following vulnerability has been resolved: KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying When marking a page dirty, complain about not having a running/loaded vCPU if and only if the VM is still alive, i.e. its refcount is non-zero. This will...
SUSE-SU-2026:22458-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in...
SUSE CVE-2026-53102
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak after mt76connacmcuallocstareq mt76connacmcuallocstareq allocates an skb which is expected to be freed eventually by mt76mcuskbsendmsg. However, currently if an intermediate function fails before...
CVE-2026-53229 net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix DMA and xdpframe leak on XDPTX xmit failure In the XSK branch of mlx5exmitxdpbuff, when sq-xmitxdpframe returns false e.g. XDPSQ is full, the function returns without unmapping the DMA address or freeing the...
PT-2026-52237
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/v3d component regarding global performance monitor reference counting. In the SET GLOBAL ioctl, the v3d perfmon find function increases the reference count of...
CVE-2026-52990
In the Linux kernel, the following vulnerability has been resolved: fsnotify: fix inode reference leak in fsnotifyrecalcmask fsnotifyrecalcmask fails to handle the return value of fsnotifyrecalcmask, which may return an inode pointer that needs to be released via fsnotifydropobject when the...
CVE-2026-52990
The CVE-2026-52990 issue affects the Linux kernel fsnotify subsystem, where fsnotify_recalc_mask() can leak an inode reference if the HAS_IREF flag transitions from true to false and the returned inode pointer is not released. A race between adding and detaching marks may skip proper cleanup, cau...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Added a call to putpid. Added a call to putpid corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID; therefore, we need to free it here to avoid leaks. [email protected]: reword...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: BPF: Freeing special fields when updating lru,percpuhash maps Since lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to ‘bpfobjfreefields’ in ‘pcpucopyvalue’ could cause the memory referenced by BPFKPTRREF,PERCPU fiel...
OPENSUSE-SU-2026:21146-1 Security update for lldpd
This update for lldpd fixes the following issues: Changes in lldpd: - Update to version 1.0.22 Fix CVE-2026-46433, out-of-bound read access when removing VLAN tag 787. Reject 0-length management address in LLDP. Fix race condition when creating the control socket. Fix FDP MAC address. Fix memory...
SUSE CVE-2026-46322
In the Linux kernel, the following vulnerability has been resolved: tun: free page on buildskb failure in tunxdpone When buildskb fails in tunxdpone, the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that vhostnetbuildxdp allocated for the frame. ...
PT-2026-48379
Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.06.09 Description A flaw allows a remote attacker to write arbitrary OS-shortcut files, such as .desktop, .url, and .webloc, to the user's filesystem. This occurs because the file extension allowlist used to preve...
CVE-2026-46322
In the Linux kernel, the following vulnerability has been resolved: tun: free page on buildskb failure in tunxdpone When buildskb fails in tunxdpone, the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that vhostnetbuildxdp allocated for the frame. ...