133650 matches found
CVE-2026-63907
In the Linux kernel, the following vulnerability has been resolved: uio: uiopcigenericsva: fix double free of devmkzalloc memory uiopcisva allocates struct uiopcisvadev with devmkzalloc in probe, but then calls kfreeudev both on the probe error path label outfree and again in remove. Because...
CVE-2026-63880
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix lock leak on ENOMEM in AMDGPUGEMOPGETMAPPINGINFO The AMDGPUGEMOPGETMAPPINGINFO branch of amdgpugemopioctl holds three cleanup-tracked resources before calling kvcalloc: the drmgemobject reference from...
CVE-2026-64145 wifi: wilc1000: fix dma_buffer leak on bus acquire failure
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix dmabuffer leak on bus acquire failure wilcwlanfirmwaredownload allocates dmabuffer with kmalloc at the top of the function and uses a 'fail:' label to free it via kfreedmabuffer on error. All later error paths...
CVE-2026-64145
In the Linux kernel WiFi driver wilc1000, a memory-leak in firmware download was fixed: wilc_wlan_firmware_download() allocates dma_buffer with kmalloc() and, on early failure after the first acquire_bus(), could return without freeing the buffer. The code now uses a goto fail cleanup path to ens...
CVE-2026-64145
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix dmabuffer leak on bus acquire failure wilcwlanfirmwaredownload allocates dmabuffer with kmalloc at the top of the function and uses a 'fail:' label to free it via kfreedmabuffer on error. All later error paths...
EUVD-2026-45830
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix dmabuffer leak on bus acquire failure wilcwlanfirmwaredownload allocates dmabuffer with kmalloc at the top of the function and uses a 'fail:' label to free it via kfreedmabuffer on error. All later error paths...
CVE-2026-64139 ksmbd: fix SID memory leak in set_posix_acl_entries_dacl() on overflow
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix SID memory leak in setposixaclentriesdacl on overflow Commit 299f962c0b02 "ksmbd: use checkaddoverflow to prevent u16 DACL size overflow" added checkaddoverflow guards that break out of the ACE-building loops in...
CVE-2026-64139
CVE-2026-64139 : In the Linux kernel ksmbd path, a memory-leak exists in set_posix_acl_entries_dacl() on overflow. The loop allocates a struct smb_sid with kmalloc_obj() each iteration and relies on per-iteration kfree() at loop end. Introduced break paths skip these frees, causing the sid buffer...
CVE-2026-64139
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix SID memory leak in setposixaclentriesdacl on overflow Commit 299f962c0b02 "ksmbd: use checkaddoverflow to prevent u16 DACL size overflow" added checkaddoverflow guards that break out of the ACE-building loops in...
EUVD-2026-45824
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix SID memory leak in setposixaclentriesdacl on overflow Commit 299f962c0b02 "ksmbd: use checkaddoverflow to prevent u16 DACL size overflow" added checkaddoverflow guards that break out of the ACE-building loops in...
CVE-2026-64129
The CVE-2026-64129 entry concerns the Linux kernel vulnerability in mm/migrate_device: migrate_vma_insert_huge_pmd_page where a check_stable_address_space() failure after acquiring the PMD spinlock via pmd_lock() could jump to abort, bypassing spin_unlock() in unlock_abort. This caused the PMD sp...
CVE-2026-64129 mm/migrate_device: fix spinlock leak in migrate_vma_insert_huge_pmd_page
In the Linux kernel, the following vulnerability has been resolved: mm/migratedevice: fix spinlock leak in migratevmainserthugepmdpage When checkstableaddressspace fails after the PMD spinlock has been acquired via pmdlock, the code jumps directly to the abort label, bypassing the spinunlock call...
CVE-2026-64129
In the Linux kernel, the following vulnerability has been resolved: mm/migratedevice: fix spinlock leak in migratevmainserthugepmdpage When checkstableaddressspace fails after the PMD spinlock has been acquired via pmdlock, the code jumps directly to the abort label, bypassing the spinunlock call...
EUVD-2026-45814
In the Linux kernel, the following vulnerability has been resolved: mm/migratedevice: fix spinlock leak in migratevmainserthugepmdpage When checkstableaddressspace fails after the PMD spinlock has been acquired via pmdlock, the code jumps directly to the abort label, bypassing the spinunlock call...
CVE-2026-64099 drm/v3d: Fix use-after-free of CPU job query arrays on error path
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix use-after-free of CPU job query arrays on error path The CPU job ioctl's fail label calls kvfree on cpujob's timestamp and performance query arrays after v3djobcleanup, which drops the job's last reference and frees...
CVE-2026-64099
The CVE-2026-64099 entry describes a Linux kernel issue in the DRM/V3D path where a CPU job’s timestamp and performance query arrays could be read after the job was freed (use-after-free) due to improper cleanup on error paths. The bug stemmed from manual kvfree() calls and a NULL dereference dur...
CVE-2026-64099
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix use-after-free of CPU job query arrays on error path The CPU job ioctl's fail label calls kvfree on cpujob's timestamp and performance query arrays after v3djobcleanup, which drops the job's last reference and frees...
EUVD-2026-45784
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix use-after-free of CPU job query arrays on error path The CPU job ioctl's fail label calls kvfree on cpujob's timestamp and performance query arrays after v3djobcleanup, which drops the job's last reference and frees...
CVE-2026-64070 powerpc/hv-gpci: fix preempt count leak in sysfs show paths
In the Linux kernel, the following vulnerability has been resolved: powerpc/hv-gpci: fix preempt count leak in sysfs show paths Four sysfs show callbacks in hv-gpci take getcpuvarhvgpcireqb which calls preemptdisable but only call the matching putcpuvar on the error path under the 'out:' label...
CVE-2026-64070
The CVE-2026-64070 issue affects the Linux kernel on powerpc/hv-gpci where four sysfs show() callbacks leak preempt_disable due to not pairing get_cpu_var with put_cpu_var on success paths. Repeated reads can increment preempt_count, leaving preemption disabled and potentially triggering a usermo...