Linux Distros Unpatched Vulnerability : CVE-2026-6666

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field. CVE-2026-6666 No...

Unity Linux 20.1070e Security Update: expat (UTSA-2026-016799)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016799 advisory. libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. Tenable has extracted the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: fio (UTSA-2026-016798)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016798 advisory. A NULL pointer dereference vulnerability exists in fio Flexible I/O Tester v3.41 when parsing job files containing the fdppli option. The callback function strfdppli...

PgBouncer 代码问题漏洞

PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Versions of PgBouncer prior to 1.25.2 had code vulnerabilities due to null pointer references. If the server sends error responses without the SQLSTATE field, it may lead to crashes...

Unity Linux 20.1070e Security Update: expat (UTSA-2026-016783)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016783 advisory. libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. Tenable has extracted the preceding description block directly...

CVE-2026-43431

A flaw was found in the Linux kernel's xhci host controller driver. This vulnerability occurs when the number of port registers counted in xhci-maxports is greater than the ports reported by Supported Protocol capabilities. This can lead to a NULL pointer dereference, causing a kernel crash and...

CVE-2026-43424

A flaw was found in the Linux kernel's USB gadget subsystem ftcm. A malicious or misconfigured USB host can exploit a race condition by sending specific Bulk-Only Transport BOT commands. This can trigger a NULL pointer dereference, leading to a kernel panic and a local Denial of Service DoS on th...

CVE-2026-43422

A flaw was found in the Linux kernel's USB legacy NCM Network Control Model driver. This vulnerability occurs due to a NULL pointer dereference in the gncmbind function, where the driver attempts to access a network device netdevice before it has been fully initialized. An attacker could...

CVE-2026-43421

A flaw was found in the Linux kernel's USB gadget function for Network Control Model NCM. During device disconnection, a network device could outlive its parent gadget device, leading to dangling system file system sysfs links and null pointer dereference problems. This vulnerability can result i...

CVE-2026-43416

A flaw was found in the Linux kernel. A local user can cause a denial of service DoS by triggering a NULL pointer dereference within the perf subsystem. This occurs when the memory management structure current-mm is prematurely released before the system attempts to retrieve the user callchain,...

GHSA-4RQF-GRM6-VF75 free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks , ok =...

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks , ok =...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the RemoveAmfSubscriptionsInfoProcedure process. An attacker can cause the application to panic and disrupt service availability by sending a crafted DELETE request with a nonexistent subsId after creating a...

CVE-2026-43413

A flaw was found in the Linux kernel's hisisas component. A local user can trigger a NULL pointer dereference by attempting to scan an unsupported channel through the userscan function. This vulnerability can lead to a system crash, resulting in a Denial of Service DoS...

SUSE-SU-2026:1786-1 Security update for the Linux Kernel (Live Patch 77 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.293 fixes various security issues The following security issues were fixed: - CVE-2026-23004: dst: fix races in rt6uncachedlistdel and rtdeluncachedlist bsc1258655. - CVE-2026-23204: net/sched: clsu32: use skbheaderpointercareful...

CVE-2026-43410

A flaw was found in the Linux kernel's stratix10-rsu firmware driver. When the Remote System Update RSU is not enabled in the First Stage Boot Loader FSBL, the driver attempts to access an already-freed channel. This can lead to a NULL pointer dereference, causing a kernel panic and resulting in ...

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the provisioningOfTrafficRoutingInfo function when a POST request to the app-session creation endpoint includes suppFeat set to "1" and a medComponents entry with afAppId present b...

GHSA-WWQH-7JM5-GJ7W free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference

Summary free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" enabling traffic-routing feature negotiation and whose medComponents entries supply an afAppId but NO AfRoutReq. The create path then calls...

GHSA-WR8J-6CHW-GM6P free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference

Summary free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the consumer wrapper returns err != nil together with a nil response struct. The...

free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference

Summary free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the consumer wrapper returns err != nil together with a nil response struct. The...