CVE-2026-43402

In the Linux kernel, the following vulnerability has been resolved: kthread: consolidate kthread exit paths to prevent use-after-free Guillaume reported crashes via corrupted RCU callback function pointers during KUnit testing. The crash was traced back to the pidfs rhashtable conversion which...

CVE-2026-26986

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, railwindowfree dereferences a freed xfAppWindow pointer during HashTableFree cleanup because xfrailwindowcommon calls freeappWindow on title allocation failure without first removing the entry from the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly cleaning up the rqxprtctxt pointer in SUNRPC, which could lead to a double release...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992355)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992355 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Clean dangling pointer on bind error path mtkdrmbind can fail, in which case...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992528)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992528 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Clean dangling pointer on bind error path mtkdrmbind can fail, in which case...

CVE-2025-40116

In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthreadrun function returns error pointers so the max3421hcd-spithread pointer can be either error pointers or NULL. Check for both before dereferencing i...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414635)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414635 advisory. The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too fa...

SUSE-SU-2025:20449-1 Security update for kernel-livepatch-MICRO-6-0_Update_4

This update for kernel-livepatch-MICRO-6-0Update4 fixes the following issues: - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2capsockcreate bsc1235062 - CVE-2024-56582: btrfs: fix use-after-free in btrfsencodedreadendio bsc1235129 - CVE-2024-56601: net: inet: do...

CVE-2025-38070

In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: Add NULL check in sma1307settingloaded All varibale allocated by kzalloc and devmkzalloc could be NULL. Multiple pointer checks and their cleanup are added. This issue is found by our static analysis tool...

SUSE CVE-2025-37986

In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after a Type-C partner disconnects, this patch clears the pointers upon partner unregistration. This ensures a...

kernel: wifi: cfg80211: clear wdev->cqm_config pointer on free

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear wdev-cqmconfig pointer on free When we free wdev-cqmconfig when unregistering, we also need to clear out the pointer since the same wdev/netdev may get re-registered in another network namespace, then...

PT-2025-22269

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue involved the use of invalid USB device pointers after a Type-C partner disconnects. To address this, a patch was applied ...

Astra Linux – Vulnerability in libstb

stbvorbis is a single-file library licensed under the MIT license, designed for processing OGG Vorbis files. A properly crafted file may cause a memory allocation failure in the startdecoder function. In such cases, the function returns early, but some of the pointers in f-commentlist remain...

CVE-2024-56602

In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: do not leave a dangling sk pointer in ieee802154create sockinitdata attaches the allocated sk object to the provided sock object. If ieee802154create fails later, the allocated sk object is freed, but the danglin...

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

Red Hat libvirt 安全漏洞

Red Hat libvirt is a Linux API for implementing Linux virtualization features from Red Hat, Inc. It supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtual products for other operating systems. A security vulnerability exists in Red Hat libvirt that stems...

USN-589-1: unzip vulnerability

Tavis Ormandy discovered that unzip did not correctly clean up pointers. If a user or automated service was tricked into processing a specially crafted ZIP archive, a remote attacker could execute arbitrary code with user privileges...

iDefense Security Advisory 03.23.07: Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design Error Vulnerability

Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design Error Vulnerability iDefense Security Advisory 03.23.07 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 23, 2007 I. BACKGROUND Sun Java System Directory Server is an LDAP server distributed by Sun with multiple...