1038 matches found
PT-2026-37577
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the amdgpu gem va ioctl function where the fence was selected too early and its reference was not managed correctly. This leads to refcount underflows and the use of...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the NETDEVCHANGEMTU event triggered when registered devices are deregistered. This vulnerability...
CVE-2026-43063
CVE-2026-43063 pertains to the Linux kernel XFS attribute recovery path. The vulnerability arises when xlog_recovery_iget* fails to yield a valid pointer and an ensuing irele operates on a dangling pointer, potentially enabling a local attacker to crash the system and cause a DoS. The Red Hat adv...
SUSE CVE-2026-31703
In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inodeswitchwbsworkfn inodeswitchwbsworkfn has a loop like: wbgetnewwb; while 1 list = llistdelall&newwb-switchwbsctxs; / Nothing to do? / if !list break; ... process the items ... Now adding of...
CVE-2026-31701
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in createcard The caiaq driver stores a pointer to the parent USB device in cdev-chip.dev but never takes a reference on it. The card's privatefree callback, sndusbcaiaqcardfree, ca...
CVE-2026-31769
In the Linux kernel, the following vulnerability has been resolved: gpib: fix use-after-free in IO ioctl handlers The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the descriptor via...
CVE-2026-31701
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in createcard The caiaq driver stores a pointer to the parent USB device in cdev-chip.dev but never takes a reference on it. The card's privatefree callback, sndusbcaiaqcardfree, ca...
CVE-2026-31701
In CVE-2026-31701, the Linux kernel ALSA caiaq driver (USB audio) stored a pointer to the parent usb_device without a reference. The snd_usb_caiaq_card_free() path can run after the USB device is disconnected, dereferencing freed memory (use-after-free). The fix is to take a reference on the USB ...
CVE-2026-31701 ALSA: caiaq: take a reference on the USB device in create_card()
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in createcard The caiaq driver stores a pointer to the parent USB device in cdev-chip.dev but never takes a reference on it. The card's privatefree callback, sndusbcaiaqcardfree, ca...
PT-2026-36395
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the lpvo usb driver within the GPIB subsystem. During the GPIB attach process, the driver iterates through registered USB interfaces and acquires references to US...
CVE-2026-31594 PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown epfntbepcdestroy duplicates the teardown that the caller is supposed to perform later. This leads to an oops when .allowlink fails or when .droplink is performed. Th...
EUVD-2026-25487
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown epfntbepcdestroy duplicates the teardown that the caller is supposed to perform later. This leads to an oops when .allowlink fails or when .droplink is performed. Th...
CVE-2026-31594
The CVE-2026-31594 issue is in the Linux kernel PCI endpoint framework (pci-epf-vntb). The root cause is a duplicate resource teardown in epf_ntb_epc_destroy(), causing an oops/kernel crash when .allow_link fails or .drop_link runs. The documented fix removes the helper and drops pci_epc_put(), t...
CVE-2026-31555
In the Linux kernel, the following vulnerability has been resolved: futex: Clear stale exiting pointer in futexlockpi retry path Fuzzying/stressing futexes triggered: WARNING: kernel/futex/core.c:825 at waitforownerexiting+0x7a/0x80, CPU11: futexlockpis/524 When futexlockpiatomic sees the owner i...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a underflow in the reference counting mechanism used in intelengineparkheartbeat. This...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a reference counting issue in the batman-adv module. This vulnerability may lead to reuse of resources...
PT-2026-34435
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parent port in cxl detach ep cxl detach ep is called during bottom-up removal when all CXL memory devices beneath a switch port have been removed. For each port in the hierarchy it locks both the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010985)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010985 advisory. In the Linux kernel, the following vulnerability has been resolved: memory: pl353-smc: Fix refcount leak bug in pl353smcprobe The break of foreachavailablechildofnod...
CVE-2026-33023
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 option, a use-after-free vulnerability exists in loadwithgdkpixbuf in loader.c. The cleanup path manually frees the sixelframet object and its interna...
CVE-2026-33023
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 option, a use-after-free vulnerability exists in loadwithgdkpixbuf in loader.c. The cleanup path manually frees the sixelframet object and its interna...