EUVD-2026-35917

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

CVE-2026-34193 GPU DDK - Arbitrary write via UFO updates due insufficient pointer validation in rgxfw_to_ptr()

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...

CVE-2026-34193 GPU DDK - Arbitrary write via UFO updates due insufficient pointer validation in rgxfw_to_ptr()

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if extcaps is valid in BL setup. LVDS connectors do not have extended backlight caps; therefore, check whether the pointer is valid before accessing it. Selected from commit...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xfs: Only call xfarray,blobdestroy if we have a valid pointer. Only call the xfarray and xfblob destructors if we have a valid pointer, and make sure to null out that pointer afterwards. Note that this patch fixes a large number ...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: EFI: Fixed a panic in the kdump kernel. Check whether getnextvariable is actually a valid pointer before calling it. In the kdump kernel, this method is set to NULL, which causes a panic during the kexec-ed kernel boot process...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Null pointer dereferencing has been prevented in nvmefciogetuuid. The nvmefcfcpop structure, which describes an AEN operation, is initialized with a null pointer to the request structure. An FC LLDD may make a call to...

Null-pointer dereference and double-free via safe APIs

Two soundness violations exist in the Rust bindings for MetaCall: Null-pointer dereference: MetaCallFuture::newraw accepts a raw pointer without validation. The Debug impl calls Box::fromrawself.data on it. Passing a null pointer causes the Debug impl to construct a NonNull from null, producing...

EUVD-2026-24799

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if extcaps is valid in BL setup LVDS connectors don't have extended backlight caps so check if the pointer is valid before accessing it. cherry picked from commit 3f797396d7f4eb9bb6eded184bbc6f033628a6f6...

CVE-2026-31510

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref on l2capsockreadycb Before using sk pointer, check if it is null. Fix the following: KASAN: null-ptr-deref in range 0x0000000000000260-0x0000000000000267 CPU: 0 UID: 0 PID: 5985 Comm:...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to check the validity of the extcaps pointer. This vulnerability may allow the LVDS...

PT-2026-34365

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/amd/display component where the system fails to verify if the ext caps pointer is valid during backlight setup. This occurs because LVDS connectors do not...

CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

SUSE CVE-2026-31411

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...

EUVD-2026-20469

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...

CVE-2026-31411

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...

CVE-2026-31411

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...

PT-2026-31306

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the ATM send path sendmsg - vcc sendmsg - sigd send. The system reads the vcc pointer from msg-vcc without validation, and this pointer originates fro...

CVE-2026-3777

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers...