295 matches found
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: mISDN: fixed an issue involving misuse of putdevice in mISDNregisterdevice. We should not release references to putdevice before calling deviceinitialize...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: mtd: Fixed a device name leak when registering a device in addmtddevice. There is a kmemleak when registering a device fails: Unreferenced object 0xffff888101aab550 size 8: Command “insmod”, PID 3922, Jiffies 4295277753 Age...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: spi: Fixed a use-after-free of the addlock mutex Commit 6098475d4cb4 “spi: Fixed a deadlock when adding SPI controllers on SPI buses” introduced a per-controller mutex. However, the mutexunlock call for that lock occurs after the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Fixed a possible name leak in tcmloopsetuphbabus. If deviceregister fails in tcmloopsetuphbabus, the name allocated by devsetname needs to be freed. As commented in deviceregister, it should use putdevice t...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: MIPS: vpe-mt: fixed a possible memory leak when the module exits. After committing 1fa5ae857bb1 “driver core: removed the struct device’s busid string array”, the name of the device is allocated dynamically. This allocation needs...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fixed a memory leak that occurred during registration failures in cscfgcreatedevice. deviceregister calls deviceinitialize. According to the documentation for deviceinitialize: “Use putdevice to release the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-hdmi: Fixed a reference count leak in imxhdmiprobe. The offinddevicebynode function takes a reference; we should use putdevice to release that reference. When devmkzalloc fails, there is no putdevice function available,...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 – fixed the use of memory after it is freed in rmiunregisterfunction. The putdevice function calls rmireleasefunction, which frees the “fn” pointer. Therefore, dereferencing fn-numofirqs in the next line...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021549)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021549 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in sndac97devregister If deviceregister fails in...
SUSE CVE-2025-71272
In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early before registering the device. In these cases, it returned an error code...
EUVD-2025-209672
In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early before registering the device. In these cases, it returned an error code...
CVE-2025-71272
In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early before registering the device. In these cases, it returned an error code...
CVE-2026-43192
In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dmputdevice when failing to get scsi dh name When commit fd81bc5cca8f "scsi: devicehandler: Return error pointer in scsidhattachedhandlername" added code to fail parsing the path if scsidhattachedhandlername...
CVE-2026-43192 dm mpath: Add missing dm_put_device when failing to get scsi dh name
In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dmputdevice when failing to get scsi dh name When commit fd81bc5cca8f "scsi: devicehandler: Return error pointer in scsidhattachedhandlername" added code to fail parsing the path if scsidhattachedhandlername...
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early before registering the device. In these cases, it returned an error code...
SUSE CVE-2026-31759
In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix double free in ulpiregisterinterface error path When deviceregister fails, ulpiregister calls putdevice on ulpi-dev. The device release callback ulpidevrelease drops the OF node reference and frees ulpi, but the...
Linux Distros Unpatched Vulnerability : CVE-2025-71272
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early...
PT-2026-37447
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak exists in the most register interface function. The function fails to correctly release resources when an error occurs before the device is registered, resulting in the...
CVE-2026-31759
In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix double free in ulpiregisterinterface error path When deviceregister fails, ulpiregister calls putdevice on ulpi-dev. The device release callback ulpidevrelease drops the OF node reference and frees ulpi, but the...
CVE-2026-31759
CVE-2026-31759 affects the Linux kernel USB ULPI path (usb: ulpi) where a double free could occur in ulpi_register_interface() after a failed device_register(), because the error path freed ulpi twice. The root cause is a missing delegation of cleanup to put_device() via ulpi_dev_release(), preve...