SUSE CVE-2026-45978

In the Linux kernel, the following vulnerability has been resolved: staging: greybus: lights: avoid NULL deref gblightslightconfig stores channelcount before allocating the channels array. If kcalloc fails, gblightsrelease iterates the non-zero count and dereferences light-channels, which is NULL...

CVE-2026-45978

A flaw was found in the Linux kernel's Greybus Lights subsystem. This vulnerability occurs when the gblightslightconfig function attempts to store a channel count before successfully allocating the corresponding channels array. If the memory allocation fails, a subsequent cleanup operation can tr...

EUVD-2026-32262

In the Linux kernel, the following vulnerability has been resolved: staging: greybus: lights: avoid NULL deref gblightslightconfig stores channelcount before allocating the channels array. If kcalloc fails, gblightsrelease iterates the non-zero count and dereferences light-channels, which is NULL...

CVE-2026-45978

In the Linux kernel, the following vulnerability has been resolved: staging: greybus: lights: avoid NULL deref gblightslightconfig stores channelcount before allocating the channels array. If kcalloc fails, gblightsrelease iterates the non-zero count and dereferences light-channels, which is NULL...

UBUNTU-CVE-2026-45978

In the Linux kernel, the following vulnerability has been resolved: staging: greybus: lights: avoid NULL deref gblightslightconfig stores channelcount before allocating the channels array. If kcalloc fails, gblightsrelease iterates the non-zero count and dereferences light-channels, which is NULL...

CVE-2026-45978 staging: greybus: lights: avoid NULL deref

In the Linux kernel, the following vulnerability has been resolved: staging: greybus: lights: avoid NULL deref gblightslightconfig stores channelcount before allocating the channels array. If kcalloc fails, gblightsrelease iterates the non-zero count and dereferences light-channels, which is NULL...

CVE-2026-45978

The CVE-2026-45978 issue affects the Linux kernel (staging: greybus: lights). The underlying problem is in gb_lights_light_config(): it stores channel_count before allocating the channels array; if kcalloc() fails, the cleanup path may dereference a NULL light->channels. The fix is to allocate...

CVE-2026-45978

In the Linux kernel, the following vulnerability has been resolved: staging: greybus: lights: avoid NULL deref gblightslightconfig stores channelcount before allocating the channels array. If kcalloc fails, gblightsrelease iterates the non-zero count and dereferences light-channels, which is NULL...

CVE-2026-45978

staging: greybus: lights: avoid NULL deref...

PT-2026-43845

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the greybus lights staging component. The function gb lights light config stores the channel count before the channels array is allocated. If the...

Linux Distros Unpatched Vulnerability : CVE-2026-45978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - staging: greybus: lights: avoid NULL deref gblightslightconfig stores channelcount before allocating the channels array. If kcalloc fails, gblightsrelease...

EUVD-2026-15588

Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through = 3.7.1...

CVE-2026-25367

Missing Authorization vulnerability in NooTheme CitiLights noo-citilights allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CitiLights: from n/a through 3.7.2...

Dozens of ICE Vehicles in Minnesota Lack ‘Necessary’ Lights and Sirens

A contract justification published in a federal register on Tuesday says that 31 ICE vehicles operating in the Twin Cities area “lack the necessary emergency lights and sirens” to be “compliant.”...

CVE-2022-23701

A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 iLO 4 firmware versions: Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with...

CVE-2022-23704

A potential security vulnerability has been identified in Integrated Lights-Out 4 iLO 4. The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 iLO 4 2.80 and later...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993178)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993178 advisory. In the Linux kernel, the following vulnerability has been resolved: greybus: lights: check return of getchannelfrommode If channel for the given node is not found we...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: My coauthor Nathan E. Sanders and I are speaking at the Rayburn House Office Building in Washington, DC at noon ET on November 17, 2025. The event is hosted by the POPVOX Foundation and the topic is “AI and Congress: Practical Step...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28626)

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and...

HP Integrated Lights-Out Denial of Service (CVE-2015-5436)

A potential security vulnerability has been identified with HP Integrated Lights-Out 4 iLO 4 firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service DoS. Note this was originally published in 2015 however the CVE ent...