21912 matches found
CVE-2026-31639
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count leak from call-key When creating a client call in rxrpcallocclientcall, the code obtains a reference to the key. This is never cleaned up and gets leaked when the call is destroyed. Fix this by...
CVE-2026-31639 rxrpc: Fix key reference count leak from call->key
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count leak from call-key When creating a client call in rxrpcallocclientcall, the code obtains a reference to the key. This is never cleaned up and gets leaked when the call is destroyed. Fix this by...
CVE-2026-31638
The CVE-2026-31638 issue affects the Linux kernel rxrpc subsystem. When a client call on a channel has already been torn down, rxrpc_input_packet_on_conn() could still process a to-client packet; rxrpc_try_get_call() could return NULL and there would be no reference to drop. The code path then un...
EUVD-2026-25531
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpcinputpacketonconn can process a to-client packet after the current client call on the channel has already been torn down. In that case chan-call is NULL, rxrpctrygetcall retur...
CVE-2026-31638
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpcinputpacketonconn can process a to-client packet after the current client call on the channel has already been torn down. In that case chan-call is NULL, rxrpctrygetcall retur...
CVE-2026-31639
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count leak from call-key When creating a client call in rxrpcallocclientcall, the code obtains a reference to the key. This is never cleaned up and gets leaked when the call is destroyed. Fix this by...
EUVD-2026-25532
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count leak from call-key When creating a client call in rxrpcallocclientcall, the code obtains a reference to the key. This is never cleaned up and gets leaked when the call is destroyed. Fix this by...
CVE-2026-31638 rxrpc: Only put the call ref if one was acquired
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpcinputpacketonconn can process a to-client packet after the current client call on the channel has already been torn down. In that case chan-call is NULL, rxrpctrygetcall retur...
CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring()
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpcserverkeyring This patch fixes a reference count leak in rxrpcserverkeyring by checking if rx-securities is already set...
CVE-2026-31634
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpcserverkeyring This patch fixes a reference count leak in rxrpcserverkeyring by checking if rx-securities is already set...
CVE-2026-31634
The CVE-2026-31634 item concerns the Linux kernel rxrpc subsystem. Affected component: rxrpc_server_keyring() within the rxrpc code path. Root cause: a reference count leak that could occur if the code path handles security pointers improperly. The provided patch fixes the leak by adding a check ...
CVE-2026-31634
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpcserverkeyring This patch fixes a reference count leak in rxrpcserverkeyring by checking if rx-securities is already set...
EUVD-2026-25527
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpcserverkeyring This patch fixes a reference count leak in rxrpcserverkeyring by checking if rx-securities is already set...
CVE-2026-31604 wifi: rtw88: fix device leak on probe failure
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...
CVE-2026-31604
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...
CVE-2026-31604
The CVE-2026-31604 issue concerns the Linux kernel’s wifi: rtw88 driver. A memory leak arose because the driver grabbing a reference to the USB device during probe did not release it on all probe errors (e.g., descriptor parsing failures) while the interface remained bound to a driver. The fix dr...
EUVD-2026-25497
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...
CVE-2026-31604
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...
CVE-2026-31594 PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown epfntbepcdestroy duplicates the teardown that the caller is supposed to perform later. This leads to an oops when .allowlink fails or when .droplink is performed. Th...
EUVD-2026-25487
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown epfntbepcdestroy duplicates the teardown that the caller is supposed to perform later. This leads to an oops when .allowlink fails or when .droplink is performed. Th...