Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8183: fixed a refcount leak in mt8183mt6358ts3a227max98357devprobe. The node returned by ofparsephandle has a refcount that is incremented; ofnodeput must be called when using it again. Therefore, this issue nee...

SUSE CVE-2026-52904

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkmdevice leak on aperture removal failure When apertureremoveconflictingpcidevices fails during probe, the error path returns directly without unwinding the nvkmdevice that was just allocated by nvkmdevicepcine...

EUVD-2026-35433

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkmdevice leak on aperture removal failure When apertureremoveconflictingpcidevices fails during probe, the error path returns directly without unwinding the nvkmdevice that was just allocated by nvkmdevicepcine...

CVE-2025-71299

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...

CVE-2025-71299 spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...

CVE-2025-71299

CVE-2025-71299 affects the Linux kernel driver spi_cadence_quadspi. The root cause is a runtime PM interaction during probe: a pm_runtime_disable in error paths could lead to duplicate clock disables when PM is active, especially with missing/broken DT descriptions for flash devices. The document...

CVE-2026-43246

A flaw was found in the Linux kernel's tw9906 driver. An issue in an error path within the tw9906probe function can lead to a memory leak. Specifically, memory allocated during the initialization of the video for Linux 2 V4L2 control handler is not properly released, which could result in system...

CVE-2026-43218

A flaw was found in the tw9903 driver within the Linux kernel. This vulnerability occurs in an error handling path of the tw9903probe function, where memory allocated for video for Linux 2 V4L2 control handlers is not properly released. This oversight can lead to a memory leak, potentially causin...

CVE-2026-43097

In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix double idafree in hvpciprobe error path If hvpciprobe fails after storing the domain number in hbus-bridge-domainnr, there is a call to free this domainnr via pcibusreleaseemuldomainnr, however, during cleanup, the...

CVE-2026-43097

In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix double idafree in hvpciprobe error path If hvpciprobe fails after storing the domain number in hbus-bridge-domainnr, there is a call to free this domainnr via pcibusreleaseemuldomainnr, however, during cleanup, the...

PT-2026-37586

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the tw9906 probe function. In a specific error path, memory allocated by v4l2 ctrl handler init and v4l2 ctrl new std is not properly released. Recommendations At...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: musb: dsps: Fix the probe error path The commit 7c75bde329d7 “usb: musb: musbdsps: requestirq after initializing musb” has corrected the calls to dspssetupoptionalvbusirq and dspscreatemusbpdev, but it did not update the err...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double-free caused by devm The clock obtained through devmclkgetenabled is automatically managed by devres. It will be disabled and freed when the driver is detached. Manual calls to clkdisableunprepare in th...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/52xx: Fixed a resource leak in the error handling path. The error handling path of mpc52xxlpbfifoprobe contains a requestirq call, which is not accompanied by a corresponding freeirq call. We have added the missing call,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: slimbus: qcom-ngd: cleanup in the probe error path Added a proper error path in the probe function to clean up resources that were previously acquired/allocated, in order to fix warnings that appear during probe deferral: The...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000 – Fixed a UAF bug in the error path of probing. When the driver fails in sndcardregister during probing, it will free the bcd2k-midiouturb before terminating it, which could lead to a UAF bug. The following log can...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005652)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005652 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/52xx: Fix a resource leak in an error handling path The error handling path of...

CVE-2026-23068

In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spiallochost to allocate the controller but registers it using devmspiregistercontroller. If devmregisterrestarthandler fails, the code jumps to the...

UBUNTU-CVE-2026-23068

In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spiallochost to allocate the controller but registers it using devmspiregistercontroller. If devmregisterrestarthandler fails, the code jumps to the...

CVE-2026-23087 scsi: xen: scsiback: Fix potential memory leak in scsiback_remove()

In the Linux kernel, the following vulnerability has been resolved: scsi: xen: scsiback: Fix potential memory leak in scsibackremove Memory allocated for struct vscsiblkinfo in scsibackprobe is not freed in scsibackremove leading to potential memory leaks on remove, as well as in the scsibackprob...