CVE-2026-49337 libde265 has an unbounded memory leak via orphaned slice headers in `read_slice_NAL`

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

CVE-2026-23080 can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak

In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: mcbausbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In mcbausbprobe - mcbausbstart, the URBs for USB-in transfe...

SUSE CVE-2023-54204

In the Linux kernel, the following vulnerability has been resolved: mmc: sunplus: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, 1. the memory allocated in mmcallochost will be leaked 2. null-ptr-deref will happen when calling mmcremovehost in...

UBUNTU-CVE-2022-50887

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix unbalanced of node refcount in regulatordevlookup I got the the following report: OF: ERROR: memory leak, expected refcount 1 instead of 2, ofnodeget/ofnodeput unbalanced - destroy cset entry: attach overlay...

CVE-2023-54320

The CVE-2023-54320 issue in the Linux kernel affects the amd_pmc_stb_debugfs_open_v2() function (platform/x86/amd). When STB debug mechanism is enabled and amd_pmc_send_cmd() fails, the allocated buffer may not be freed, causing a memory leak. A fix was implemented to release the buffer in the fa...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992164)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992164 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: clean up skbs if ath9khifusbrxstream fails Syzkaller detected a memory leak ...

CVE-2023-54020 dmaengine: sf-pdma: pdma_desc memory leak fix

In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdmadesc memory leak fix Commit b2cc5c465c2c "dmaengine: sf-pdma: Add multithread support for a DMA channel" changed sfpdmaprepdmamemcpy to unconditionally allocate a new sfpdmadesc each time it is called. The...

RUSTSEC-2025-0125 Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS

Affected versions of this crate contain resource leaks when querying thread counts on Windows and Apple platforms. Windows The threadamount function calls CreateToolhelp32Snapshot but fails to close the returned HANDLE using CloseHandle. Repeated calls to this function will cause the handle count...

Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS

Affected versions of this crate contain resource leaks when querying thread counts on Windows and Apple platforms. Windows The threadamount function calls CreateToolhelp32Snapshot but fails to close the returned HANDLE using CloseHandle. Repeated calls to this function will cause the handle count...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986470)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986470 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usb: fix possible use-after-free in smsc75xxbind The commit 46a8b29c6306 net: usb: fix memor...

CVE-2023-53241 nfsd: call op_release, even when op_func returns an error

In the Linux kernel, the following vulnerability has been resolved: nfsd: call oprelease, even when opfunc returns an error For ops with "trivial" replies, nfsd4encodeoperation will shortcut most of the encoding work and skip to just marshalling up the status. One of the things it skips is callin...

Linux Distros Unpatched Vulnerability : CVE-2021-47499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove When ACPI type is ACPISMO8500, the data-dreadytrig will not be set, the memory allocated by...

SUSE CVE-2025-38419

In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Cleanup acquired resources when rprochandleresources fails in rprocattach When rproc-state = RPROCDETACHED and rprocattach is used to attach to the remote processor, if rprochandleresources returns a failure, th...

UBUNTU-CVE-2023-53128

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix throttlegroups memory leak Add a missing kfree...

The vulnerability of the `trace_action_create()` function in the kernel/trace/trace_events_hist.c module, which supports Linux operating system kernel tracing, allows a hacker to cause a service failure.

The vulnerability of the traceactioncreate function in the kernel/trace/traceeventshist.c module, which supports kernel tracing in Linux operating systems, is related to improper memory release before deleting the last reference a “memory leak”. Exploiting this vulnerability could allow an attack...

UBUNTU-CVE-2024-56624

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix outfput in iommufdfaultalloc As fput calls the file-fop-release op, where fault obj and ictx are getting released, there is no need to release these two after fput one more time, which would result in imbalanced...

The vulnerability of the io_uring_get_file() function in the io_uring subsystem of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the iouringgetfile function in the iouring/ module of the iouring subsystem in Linux’s kernel is related to a memory leak that occurs when passing file descriptors through SCMRIGHTS socket messages to AFUNIX. Exploiting this vulnerability can allow an attacker to cause a...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2023-3275)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may...

Design/Logic Flaw

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extractattributes mediatools/m3u8.c:329...

DEBIAN-CVE-2023-45666

stbimage is a single file MIT licensed library for processing images. It may look like stbiloadgifmain doesn’t give guarantees about the content of output value delays upon failure. Although it sets delays to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a...