Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mailbox: zynq-ipi: fixed error handling when deviceregister fails When deviceregister fails, there are two issues: 1. The name allocated by devsetname is leaked. 2. The parent of the device is not NULL; deviceunregister is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: vdpasim: A possible memory leak was fixed in vdpasimnetinit and vdpasimblkinit. When a fault is injected while probing a module, if deviceregister fails in vdpasimnetinit or vdpasimblkinit, and the refcount of kobject is not...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: MIPS: vpe-mt: fixed a possible memory leak when the module exits. After committing 1fa5ae857bb1 “driver core: removed the struct device’s busid string array”, the name of the device is allocated dynamically. This allocation needs...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97 – fixed a double-free in sndac97controllerregister. If ac97addadapter fails, putdevice is the correct way to release the device reference. kfree is not required. Add kfree if idralloc fails, and also in...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mcb: mcb-parse: fixed an error in handling chameleonparsegdd. If mcbdeviceregister returns an error in chameleonparsegdd, the reference count of the bus and device names is exposed. This issue is addressed by calling putdevice to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Thermal: Core – The putdevice function should only be called after deviceregister fails. putdevice should not be called before a previous call to deviceregister. thermalcoolingdeviceregister does not follow this principle...

EUVD-2026-32265

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in cssallocsubchannel cssallocsubchannel calls deviceinitialize before setting up the DMA masks. If dmasetcoherentmask or dmasetmask fails, the error path frees the subchannel structure...

CVE-2026-45981

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in cssallocsubchannel cssallocsubchannel calls deviceinitialize before setting up the DMA masks. If dmasetcoherentmask or dmasetmask fails, the error path frees the subchannel structure...

CVE-2026-45981

CVE-2026-45981 (Linux kernel, s390/cio): The vulnerability stems from device lifecycle mismanagement in css_alloc_subchannel() where, if dma_set_coherent_mask() or dma_set_mask() fails, the error path frees the subchannel without proper device model reference counting. After device_initialize() i...

CVE-2026-45981 s390/cio: Fix device lifecycle handling in css_alloc_subchannel()

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in cssallocsubchannel cssallocsubchannel calls deviceinitialize before setting up the DMA masks. If dmasetcoherentmask or dmasetmask fails, the error path frees the subchannel structure...

PT-2026-43848

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the css alloc subchannel function where device initialize is called before the DMA masks are configured. If the dma set coherent mask or dma set mask functions fail, t...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 – fixed the use of memory after it is freed in rmiunregisterfunction. The putdevice function calls rmireleasefunction, which frees the “fn” pointer. Therefore, dereferencing fn-numofirqs in the next line...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: mISDN: fixed a possible memory leak in mISDNdspelementregister After committing 1fa5ae857bb1 "driver core: remove the struct device’s busid string array", the name of the device is allocated dynamically. Use putdevice to relea...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wwanhwsim: fixed a possible memory leak in wwanhwsimdevnew When a fault is injected while probing a module, if deviceregister fails, but the refcount of the kobject is not decreased to 0, the name allocated in devsetname may be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-hdmi: Fixed a reference count leak in imxhdmiprobe. The offinddevicebynode function takes a reference; we should use putdevice to release that reference. When devmkzalloc fails, there is no putdevice to release the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Fixed a possible name leak in tcmloopsetuphbabus. If deviceregister fails in tcmloopsetuphbabus, the name allocated by devsetname needs to be freed. As commented in deviceregister, it should use putdevice t...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: cxl: fixed a possible null-ptr-deref in cxlguestinitafu|adapter. If deviceregister fails in cxlregisterafu|adapter, the device is not added. In this case, deviceunregister cannot be called in the error path. Otherwise, a...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021549)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021549 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in sndac97devregister If deviceregister fails in...

SUSE CVE-2025-71272

In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early before registering the device. In these cases, it returned an error code...

EUVD-2025-209672

In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early before registering the device. In these cases, it returned an error code...