EUVD-2026-27371

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcill: Fix firmware leak on error path Smatch reports: drivers/bluetooth/hcill.c:587 downloadfirmware warn: 'fw' from requestfirmware not released on lines: 544. In downloadfirmware, if requestfirmware succeeds but the...

CVE-2026-43069

CVE-2026-43069 concerns the Linux kernel Bluetooth stack (hci_ll). The issue arises when download_firmware() succeeds in request_firmware() but returns invalid content (no data/zero size), causing a resource leak because firmware is not released. The fix introduced is to call release_firmware() b...

CVE-2026-31748

CVE-2026-31748 (Linux kernel, comedi me_daq) : A firmware-overrun was fixed in the me2600_xilinx_download() path used by request_firmware(). The code trusts the firmware header and reads file_length from the first 4 bytes, then copies file_length bytes from offset 16 without verifying the data st...

CVE-2021-33270

D-Link DIR-809 devices with firmware through DIR-809AxFW1.12WWB0320190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request...

CVE-2022-49881 wifi: cfg80211: fix memory leak in query_regdb_file()

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in queryregdbfile In the function queryregdbfile the alpha2 parameter is duplicated using kmemdup and subsequently freed in regdbfwcb. However, requestfirmwarenowait can fail without calling...

CVE-2022-49881 wifi: cfg80211: fix memory leak in query_regdb_file()

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in queryregdbfile In the function queryregdbfile the alpha2 parameter is duplicated using kmemdup and subsequently freed in regdbfwcb. However, requestfirmwarenowait can fail without calling...

CVE-2024-43900 media: xc2028: avoid use-after-free in load_firmware_cb()

In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in loadfirmwarecb syzkaller reported use-after-free in loadfirmwarecb 1. The reason is because the module allocated a struct tuner in tunerprobe, and then the module initialization failed, the...

kernel: b43: format string leaking into error msgs

Format string vulnerability in the b43requestfirmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe...