UBUNTU-CVE-2026-45865

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...

CVE-2026-45865

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...

UBUNTU-CVE-2026-43457

In the Linux kernel, the following vulnerability has been resolved: mctp: i2c: fix skb memory leak in receive path When 'midev-allowrx' is false, the newly allocated skb isn't consumed by netifrx, it needs to free the skb directly...

CVE-2026-43457

In the Linux kernel, the following vulnerability has been resolved: mctp: i2c: fix skb memory leak in receive path When 'midev-allowrx' is false, the newly allocated skb isn't consumed by netifrx, it needs to free the skb directly...

CVE-2026-43457

CVE-2026-43457 affects the Linux kernel MCTP over I2C receive path. When midev->allow_rx is false, a newly allocated skb is not consumed by netif_rx() and must be freed directly, otherwise a memory leak can occur leading to potential DoS through memory exhaustion. The available connected sourc...

CVE-2026-43455

In the Linux kernel, the following vulnerability has been resolved: mctp: route: hold key-lock in mctpflowprepareoutput mctpflowprepareoutput checks key-dev and may call mctpdevsetkey, but it does not hold key-lock while doing so. mctpdevsetkey and mctpdevreleasekey are annotated with...

CVE-2026-43375

In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...

PT-2026-39116

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the mctp flow prepare output function. The function checks key-dev and may call mctp dev set key without holding the key-lock, despite the latter being intende...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in the MCTP protocol within the Linux kernel. The function mctpunregister reclaims the device’s related resources when a netcard is detached. However, a running program may be unaware of this flaw, leading to a use-after-free of the mdev-addrs object, which could potentially...

EUVD-2023-44103

Malicious code in bioql PyPI...

USN-7802-1 linux-azure, linux-azure-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AM...

Ubuntu 25.04 : Linux kernel (Azure) vulnerabilities (USN-7721-1)

"The remote Ubuntu 25.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7721-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in th...

DEBIAN-CVE-2022-49854

In the Linux kernel, the following vulnerability has been resolved: mctp: Fix an error handling path in mctpinit If mctpneighinit return error, the routes resources should be released in the error handling path. Otherwise some resources leak...

UBUNTU-CVE-2022-49854

In the Linux kernel, the following vulnerability has been resolved: mctp: Fix an error handling path in mctpinit If mctpneighinit return error, the routes resources should be released in the error handling path. Otherwise some resources leak...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from mctp not setting SOCKRCUFREE...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an error handling path in the mctpinit function in the mctp driver that fails to free up routing resources,...

DEBIAN-CVE-2025-21972

In the Linux kernel, the following vulnerability has been resolved: net: mctp: unshare packets when reassembling Ensure that the fraglist used for reassembly isn't shared with other packets. This avoids incorrect reassembly when packets are cloned, and prevents a memory leak due to circular...

CVE-2025-21903

In the Linux kernel, the following vulnerability has been resolved: mctp i3c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet should be dropped. saddr will usually be set by MCTP core, but check for NULL in case a packet is...

DEBIAN-CVE-2024-53043

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet should be dropped. saddr will usually be set by MCTP core, but check for NULL in case a packet is...

CVE-2024-53043 mctp i2c: handle NULL header address

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet should be dropped. saddr will usually be set by MCTP core, but check for NULL in case a packet is...