Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Input: i8042 – fixed the issue of leaking the platform device when the module was removed. Avoid resetting the i8042platformdevice pointer that is shared across modules in i8042probe or i8042remove. This ensures that the device c...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fixed the warning in isl29028remove The driver uses a non-managed form of the register function in isl29028remove. To maintain the release order that mirrors the ordering in probe, the driver should also use...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Fixed the omission of platformsetdrvdata Added platformsetdrvdata to armniprobe; otherwise, calling platformgetdrvdata in remove will return NULL...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: rcarfdp1: Fixed a reference count leak in the probe and remove functions. rcarfcpget takes a reference, which should be balanced with rcarfcpput. Added the missing rcarfcpput function in fdp1remove, and corrected the error...

CVE-2023-54053

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwlpciprobe will fail and free the trans, then afterwards iwlpciremove will be called and crash by trying to access trans which is already freed, fix...

CVE-2023-54109

CVE-2023-54109 affects the Linux kernel in media: rcar_fdp1. The vulnerability was due to a refcount leak: rcar_fcp_get() references were not balanced with rcar_fcp_put() in fdp1_probe error paths and in fdp1_remove. The fix adds the missing rcar_fcp_put() calls to balance references, addressing ...

SUSE CVE-2025-68323

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec-work The delayed work uec-work is scheduled in gaokunucsiprobe but never properly canceled in gaokunucsiremove. This creates use-after-free scenarios where the ucsi and gaokunucs...

PT-2025-52251

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a use-after-free issue within the USB Type-C Universal Serial Bus Implementers Forum UCSi component. Specifically, a delayed work item uec-work was scheduled b...

CVE-2025-68172 crypto: aspeed - fix double free caused by devm

In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed - fix double free caused by devm The clock obtained via devmclkgetenabled is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clkdisableunprepare in error path and...

kernel: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods

In the Linux kernel, the following vulnerability has been resolved: can: mcan: pci: add missing mcanclassfreedev in probe/remove methods In mcanpciremove and error handling path of mcanpciprobe, mcanclassfreedev should be called to free resource allocated by mcanclassallocatedev, otherwise there...

SUSE CVE-2022-49861

In the Linux kernel, the following vulnerability has been resolved: dmaengine: mvxorv2: Fix a resource leak in mvxorv2remove A clkprepareenable call in the probe is not balanced by a corresponding clkdisableunprepare in the remove function. Add the missing call...

SUSE CVE-2022-49701

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Allocate/free queue resource only during probe/remove Currently, the sub-queues and event pool resources are allocated/freed for every CRQ connection event such as reset and LPM. This exposes the driver to a couple...

DEBIAN-CVE-2022-49701

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Allocate/free queue resource only during probe/remove Currently, the sub-queues and event pool resources are allocated/freed for every CRQ connection event such as reset and LPM. This exposes the driver to a couple...

UBUNTU-CVE-2022-49701

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Allocate/free queue resource only during probe/remove Currently, the sub-queues and event pool resources are allocated/freed for every CRQ connection event such as reset and LPM. This exposes the driver to a couple...

kernel: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove

A vulnerability was found in the hvnetvsc driver in the Linux kernel, where a race condition is present between the netvscprobe and netvscremove functions. This race condition could lead to system hangs during network device removal...

kernel: media: bttv: fix use after free error due to btv->timeout timer

In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv-timeout timer There may be some a race condition between timer function bttvirqtimeout and bttvremove. The timer is setup in probe and there is no timerdelete operation in remove...

kernel: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove

A vulnerability was found in the hvnetvsc driver in the Linux kernel, where a race condition is present between the netvscprobe and netvscremove functions. This race condition could lead to system hangs during network device removal...

UBUNTU-CVE-2024-39491

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of csdsp instance The csdsp instance is initialized in the driver probe so it should be freed in the driver remove. Also fix a missing call to csdspremove in the error path of cs35l56hdacommonprob...

UBUNTU-CVE-2021-47526

In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: Fix NULL pointer dereference in -remove drvdata has to be set in probe - otherwise platformgetdrvdata causes null pointer dereference BUG in remove...

DEBIAN-CVE-2024-27433

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clkmt8135apmixedprobe 'clkdata' is allocated with mtkdevmallocclkdata. So calling mtkfreeclkdata explicitly in the remove function would lead to a double-free. Remov...