SUSE CVE-2026-23309

In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to triggerdatafree If triggerdataalloc fails and returns NULL, eventhisttriggerparse jumps to the outfree error path. While kfree safely handles a NULL pointer, triggerdatafree does not. This cause...

SUSE CVE-2026-23317

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code...

SUSE CVE-2026-23328

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmtchann mgmtchann may be set to NULL if the firmware returns an unexpected error in aie2sendmgmtmsgwait. This can later lead to a NULL pointer dereference in aie2hwstop. Fix this b...

SUSE CVE-2026-23349

In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix condition effect bit clearing As reported by MPDarkGuy on discord, NULL pointer dereferences were happening because not all the conditional effects bits were cleared. Properly clear all conditional effect bits fro...

SUSE CVE-2026-23366

In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes 'modes' in drmclientmodesetprobe may fail to kcalloc. If this occurs, we jump to 'out', calling modesdestroy on it, which dereferences it. This may result in a NULL pointer dereference in the...

SUSE CVE-2026-32854

LibVNCServer versions 0.9.15 and prior fixed in commit dc78dee contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

CVE-2026-23332

A flaw was found in the Linux kernel's intelpstate cpufreq driver. A local user can trigger a system crash, leading to a Denial of Service DoS, by attempting to disable the CPU turbo feature through the sysfs interface. This vulnerability occurs on systems booted with specific kernel arguments li...

CVE-2026-23381

A flaw was found in the Linux kernel's network bridging component. When Internet Protocol version 6 IPv6 is explicitly disabled, a critical data structure for Neighbor Discovery is not properly initialized. A remote attacker could exploit this by sending a specially crafted Internet Control Messa...

CVE-2026-23358

A flaw was found in the Linux kernel's drm/amdgpu driver. During slot reset error handling, the system could attempt to access an uninitialized list due to an uninitialized pointer. This could lead to system instability or a denial of service...

CVE-2026-23309

A flaw was found in the Linux kernel. When the 'triggerdataalloc' function fails to allocate memory and returns a null pointer, the subsequent 'triggerdatafree' function attempts to access this null pointer. This null pointer dereference can lead to a system crash, resulting in a Denial of Servic...

CVE-2026-23369

A flaw was found in the Linux kernel's i2c i801 driver. Under rare circumstances, multiple udev threads can concurrently access the i801acpiiohandler during system boot. This can lead to a null pointer dereference when the i2clockbus attempts to use an unregistered memory area. A local attacker...

CVE-2026-23349

A flaw was found in the Linux kernel's Human Interface Device HID subsystem, specifically within the pidff module. This vulnerability occurs because not all conditional effect bits were properly cleared, leading to null pointer dereferences. A local attacker could potentially exploit this flaw to...

CVE-2026-23328

A flaw was found in the Linux kernel's accel/amdxdna component. An unexpected firmware error during message handling can cause a critical communication variable mgmtchann to be set to NULL. This can lead to a NULL pointer dereference when the system attempts to stop hardware operations, resulting...

CVE-2026-23300

A flaw was found in the Linux kernel's IPv6 networking stack. When a standalone IPv6 nexthop object is created with a loopback device, it is misclassified as a reject route, leading to an unallocated pointer. If an IPv4 route then attempts to reference this nexthop, it causes a NULL pointer...

CVE-2026-23366

A flaw was found in the Linux kernel's Direct Rendering Manager DRM client component. This vulnerability occurs when the system attempts to destroy an uninitialized memory pointer, specifically the 'modes' variable within the drmclientmodesetprobe function, after a memory allocation failure. This...

CVE-2026-23348

A flaw was found in the Linux kernel, specifically within the CXL Compute Express Link and NVDIMM Non-Volatile Dual In-line Memory Module subsystems. A race condition can occur when NVDIMM objects attempt to reprobe after the cxlacpi module is removed, while the nvdimmbus object is missing. This...

EUVD-2026-15374

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. Then, if...

EUVD-2026-15348

In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes 'modes' in drmclientmodesetprobe may fail to kcalloc. If this occurs, we jump to 'out', calling modesdestroy on it, which dereferences it. This may result in a NULL pointer dereference in the...

EUVD-2026-15319

In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix condition effect bit clearing As reported by MPDarkGuy on discord, NULL pointer dereferences were happening because not all the conditional effects bits were cleared. Properly clear all conditional effect bits fro...

EUVD-2026-15317

In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...