EUVD-2026-39295

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL deref on rsusendmsg timeout in probe rsusendmsg can return -ETIMEDOUT when waitforcompletioninterruptibletimeout fires while the SMC call is still pending. In stratix10rsuprobe, the error paths f...

CVE-2026-53204

The CVE-2026-53204 issue concerns the Linux kernel firmware component for Stratix10 RSU. A NULL pointer dereference could occur if rsu_send_msg() times out during probe and subsequent error cleanup would still queue messages on a cleared channel. The fix adds proper cleanup: remove the async clie...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mmc: sunplus: fixed the return value check in mmcaddhost The mmcaddhost function may return an error if we ignore its return value. As a result: 1. The memory allocated in mmcallochost will be leaked. 2. A null-ptr-deref...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthreadrun function returns error pointers, so the max3421hcd-spithread pointer can be either an error pointer or NULL. Check both cases before...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: stmmac: fixed leaks in the probe. These two error paths should be cleaned up before returning...

EUVD-2026-32366

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix netdev memory leak in dpaa2caamprobe When commit 0e1a4d427f58 "crypto: caam: Unembed netdev structure in dpaa2" converted embedded netdevice to dynamically allocated pointers, it added cleanup in...

CVE-2026-45954

CVE-2026-45954 concerns the Linux kernel fbdev driver (au1200fb). The issue arises when au1200fb_drv_probe fails at platform_get_irq: it returns an error without freeing allocated memory, causing a memory leak. A patch adds proper cleanup via a goto label to release resources. Red Hat notes the f...

CVE-2026-45900

The CVE-2026-45900 issue is in the Linux kernel crypto: caam module. During dpaa2_caam_probe, netdevs allocated for DPIO setup could leak if dpaa2_dpseci_dpio_setup() fails and the cleanup path in dpaa2_dpseci_free() did not consider previously allocated nets. The fix preserves the CPU mask of al...

PT-2026-43767

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the dpaa2 caam probe function within the crypto CAAM module. The issue arises because cleanup logic was missing in the dpaa2 dpseci free function for error paths...

PT-2026-43821

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the au1200fb drv probe function within the fbdev au1200fb component. The issue is triggered when the platform get irq function fails, causing the system to return...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: power:supply:max77705: Fixed the error handling in the probe function related to the workqueue. The createsinglethreadworkqueue function no longer returns error pointers; instead, it returns NULL. Additionally, the workqueue was...

SUSE CVE-2026-43460

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove callback The driver uses devmspiregistercontroller for registration, which automatically unregisters the controller via devm cleanup when the device is removed. The manual call to...

CVE-2026-43097

CVE-2026-43097 affects the Linux kernel PCI Hyper-V driver. During error handling in hv_pci_probe, the domain_nr is freed twice: first via pci_bus_release_emul_domain_nr(), and again when the bridge release callback pci_release_host_bridge_dev() runs during cleanup, leading to ida_free on an unal...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013039)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013039 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthreadrun function...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011372)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011372 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthreadrun function...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007486)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007486 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthreadrun function...

CVE-2025-71141

In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions in case of failed probe The drmkmshelperpollfini and drmatomichelpershutdown helpers should only be called when the device has been successfully registered. Currently, these functions are called...

CVE-2025-71141 drm/tilcdc: Fix removal actions in case of failed probe

In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions in case of failed probe The drmkmshelperpollfini and drmatomichelpershutdown helpers should only be called when the device has been successfully registered. Currently, these functions are called...

CVE-2025-71141

In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions in case of failed probe The drmkmshelperpollfini and drmatomichelpershutdown helpers should only be called when the device has been successfully registered. Currently, these functions are called...

CVE-2023-54204

In the Linux kernel, the following vulnerability has been resolved: mmc: sunplus: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, 1. the memory allocated in mmcallochost will be leaked 2. null-ptr-deref will happen when calling mmcremovehost in...