74 matches found
SUSE CVE-2026-53305
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ps883x: Fix Oops at unbind When trying to unbind a device in order to bind to it vfio-platform as: echo bc0000.geniqup /sys/bus/platform/devices/bc0000.geniqup/driver/unbind I get the following Oops: 436.478639 Unable...
CVE-2026-53305
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ps883x: Fix Oops at unbind When trying to unbind a device in order to bind to it vfio-platform as: echo bc0000.geniqup /sys/bus/platform/devices/bc0000.geniqup/driver/unbind I get the following Oops: 436.478639 Unable...
UBUNTU-CVE-2026-53305
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ps883x: Fix Oops at unbind When trying to unbind a device in order to bind to it vfio-platform as: echo bc0000.geniqup /sys/bus/platform/devices/bc0000.geniqup/driver/unbind I get the following Oops: 436.478639 Unable...
CVE-2026-53305
CVE-2026-53305 affects the Linux kernel USB Type-C ps883x driver. A NULL pointer dereference Oops occurs when unbinding a device for vfio-platform binding (example using unbind on bc0000.geniqup), caused by ps883x_retimer_remove() reading driver data via i2c_get_clientdata() that was never set du...
CVE-2026-45874
CVE-2026-45874 affects the Linux kernel component under the phosphate path for Freescale IMX8QM HSIO. The issue arises when the devicetree provides no fsl,refclk-pad-mode; during probe, refclk_pad is set to NULL, and imx_hsio_configure_clk_pad() uses this pointer unconditionally, risking a NULL p...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: qcom: Fixed NULL dereferencing in asocqcomlpasscpuplatformprobe. The devmkzalloc function in asocqcomlpasscpuplatformprobe might potentially return a NULL pointer. NULL pointer dereferencing could occur without any...
EUVD-2026-27667
In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix a reference leak bug in mtkmdpremove In mtkmdpprobe, vpugetplatdevice increases the reference count of the returned platform device. Add platformdeviceput to prevent reference leak...
DEBIAN-CVE-2026-31576
In the Linux kernel, the following vulnerability has been resolved: media: hackrf: fix to not free memory after the device is registered in hackrfprobe In hackrf driver, the following race condition occurs: CPU0 CPU1 hackrfprobe kzalloc; // alloc hackrfdev .... v4l2deviceregister; .... fd =...
CVE-2026-31549
CVE-2026-31549 relates to the Linux kernel cp2615 I2C driver. The vulnerability arises when the driver uses the USB device serial string as the i2c adapter name but does not ensure the string exists, potentially causing a NULL pointer dereference if a device lacks a serial number. Documented impa...
SUSE CVE-2026-23467
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dmc: Fix an unlikely NULL pointer deference at probe inteldmcupdatedc6allowedcount oopses when DMC hasn't been initialized, and dmc is thus NULL. That would be the case when the call path is intelpowerdomainsinithw -...
CVE-2026-23467 drm/i915/dmc: Fix an unlikely NULL pointer deference at probe
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dmc: Fix an unlikely NULL pointer deference at probe inteldmcupdatedc6allowedcount oopses when DMC hasn't been initialized, and dmc is thus NULL. That would be the case when the call path is intelpowerdomainsinithw -...
CVE-2026-23467
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dmc: Fix an unlikely NULL pointer deference at probe inteldmcupdatedc6allowedcount oopses when DMC hasn't been initialized, and dmc is thus NULL. That would be the case when the call path is intelpowerdomainsinithw -...
CVE-2026-23467
CVE-2026-23467 affects the Linux kernel drm/i915/dmc driver. The vulnerability is a NULL pointer dereference that can occur during probe when DC6 is unexpectedly enabled, due to intel_power_domains_init_hw() calling intel_dmc_update_dc6_allowed_count() before intel_dmc_init(). The root cause is u...
CVE-2026-23431 spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()
In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory leak in amlspisgprobe In amlspisgprobe, ctlr is allocated by spialloctarget/spiallochost, but fails to call spicontrollerput in several error paths. This leads to a memory leak whenever the driver...
PT-2026-30161
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dmc: Fix an unlikely NULL pointer deference at probe intel dmc update dc6 allowed count oopses when DMC hasn't been initialized, and dmc is thus NULL. That would be the case when the call path is intel power domains init...
CVE-2026-23387
In the Linux kernel, the following vulnerability has been resolved: pinctrl: cirrus: cs42l43: Fix double-put in cs42l43pinprobe devmaddactionorreset already invokes the action on failure, so the explicit put causes a double-put...
CVE-2026-23387
In the Linux kernel, the following vulnerability has been resolved: pinctrl: cirrus: cs42l43: Fix double-put in cs42l43pinprobe devmaddactionorreset already invokes the action on failure, so the explicit put causes a double-put...
SUSE CVE-2025-71196
In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe The "index" variable is used as an index into the usbphyc-phys array which has usbphyc-nphys elements. So if it is equal to usbphyc-nphys then it is one element out of bounds. The "index...
CVE-2025-71196
In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe The "index" variable is used as an index into the usbphyc-phys array which has usbphyc-nphys elements. So if it is equal to usbphyc-nphys then it is one element out of bounds. The "index...
EUVD-2026-5064
In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchipusb2phyprobe The foreachavailablechildofnode calls ofnodeput to release childnp in each success loop. After breaking from the loop with the childnp has been released, the...