204 matches found
CVE-2023-53316 drm/msm/dp: Free resources after unregistering them
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Free resources after unregistering them. The DP component's unbind operation walks through the submodules to unregister and clean things up. But if the unbind happens because the DP controller itself is being removed,...
CVE-2025-39830 net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path. In the error path of hws_pool_buddy_init, the buddy allocator cleanup doesn't free the allocator structure itself, causing a memory leak. Add the missing kfree to properl...
CVE-2023-53303 net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule()
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule(). Inject fault When select CONFIG_VCAP_KUNIT_TEST, the below memory leak occurs. If kzalloc for duprule succeeds, but the following kmemdup fails, the duprule, ckf and...
SUSE-SU-2025:20669-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). -...
CVE-2025-38699
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix. When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL. Subsequently, during driver uninstallation, when the state machine...
drm/amd/display: Deallocate DML memory if allocation fails
...
Linux Distros Unpatched Vulnerability : CVE-2025-38564
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - perf/core: Handle buffer mapping fail correctly in perf_mmap(). After successful allocation of a buffer or a successful attachment to an existing buffer perf_mmap()...
IBM Concert Software Improper Heap Memory Cleanup Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from an improper heap memory cleanup vulnerability...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper memory cleanup, which could lead to a memory leak...
Linux Distros Unpatched Vulnerability : CVE-2025-38389
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/i915/gt: Fix timeline left held on VMA alloc error. The following error has been reported sporadically by CI when a test unbinds the i915 driver on a ring...
libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...
Linux Distros Unpatched Vulnerability : CVE-2025-38024
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug. Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120...
USN-7588-1 gss-ntlmssp vulnerabilities
Phil Turnbull discovered that GSS NTLMSSP may perform out-of-bounds reads when decoding NTLM fields and target information. An attacker could possibly use this issue to cause GSS NTLMSSP to crash, resulting in a denial of service. (CVE-2023-25563, CVE-2023-25567) Phil Turnbull discovered that GSS...
CVE-2022-49939
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of ref->proc caused by race condition. A transaction of type BINDER_TYPE_WEAK_HANDLE can fail to increment the reference for a node. In this case, the target proc normally releases the failed reference upon close as...
TOZED ZLT W51 security vulnerability
TOZED ZLT W51 is a router from China Tongze Kangwei TOZED. A security vulnerability exists in TOZED ZLT W51 version 1.4.2 and earlier, which stems from improper cleanup of the heap memory of the service port 7777 component before freeing it...
CVE-2025-37980 block: fix resource leak in blk_register_queue() error path
In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path. When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources. Add the missi...
kernel: wifi: ath10k: Fix memory leak in management tx
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: Fix memory leak in management tx. In the current logic, memory is allocated for storing the MSDU context during management packet TX but this memory is not being freed during management TX completion. Similar leaks a...
DEBIAN-CVE-2025-37837
In the Linux kernel, the following vulnerability has been resolved: iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent(). Two WARNINGs are observed when SMMU driver rolls back upon failure: arm-smmu-v3.9.auto: Failed to register iommu arm-smmu-v3.9.auto: probe with driver arm-smmu-v3 failed...
linux-firmware security update
An update is available for linux-firmware. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The linux-firmware packages contain all of the firmware files that are...