CVE-2026-31527

In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock...

CVE-2026-31487

The CVE concerns the Linux kernel SPI subsystem. A flaw arises when a driver is probed via __driver_attach(): the bus match() callback is invoked without holding the device lock, allowing access to the driver_override field without proper synchronization, creating a use-after-free (UAF) risk. The...

PT-2026-34392

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the SPI subsystem. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device lock. This...

PT-2017-18938

Name of the Vulnerable Software and Affected Versions YARA version 3.6.1 Description The issue allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted file. This is due to the mishandling of the file in the yr re fast exec function in...