CVE-2026-46261

A flaw was found in the Linux kernel. A null pointer dereference in the wpcm-fiu Serial Peripheral Interface SPI driver, specifically when platformgetresourcebyname returns a null value, could lead to a system crash. This vulnerability could allow a local attacker to cause a Denial of Service DoS...

SUSE CVE-2026-46261

In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcmfiuprobe platformgetresourcebyname can return NULL, which would cause a crash when passed the pointer to resourcesize. Move the fiu-memorysize assignment after the erro...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-qspi: check return value after calling platformgetresourcebyname This issue could lead to a null-ptr-deref error if platformgetresourcebyname returns NULL. Therefore, we need to check the return value...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmicglinkaltmode: fixed the use-after-free issue related to the DRM bridge. A recent DRM implementation that claimed to simplify support for “transparent bridges” and handling probe deferments ironically exposed a...

kernel: smc: Fix use-after-free in __pnet_find_base_ndev()

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in pnetfindbasendev. syzbot reported use-after-free of netdevice in pnetfindbasendev, which was called during connect. 0 smcpnetfindismresource fetches skdstgetsk-dev and passes down to pnetfindbasendev,...

UBUNTU-CVE-2025-71114

In the Linux kernel, the following vulnerability has been resolved: viawdt: fix critical boot hang due to unnamed resource allocation The VIA watchdog driver uses allocateresource to reserve a MMIO region for the watchdog control register. However, the allocated resource was not given a name, whi...

CVE-2022-50888

CVE-2022-50888 affects the Linux kernel remoteproc/qcom/q6v5 path. The vulnerability arises from q6v5_wcss_init_mmio() calling platform_get_resource_byname(), which may return NULL. If NULL is used as input to devm_ioremap(), a null pointer dereference can occur. The available connected documents...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989306)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989306 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: check return value after calling platformgetresourcebyname It will cause...

CVE-2023-53095

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix a NULL pointer dereference The LRU mechanism may look up a resource in the process of being removed from an object. The locking rules here are a bit unclear but it looks currently like res-bo assignment is protected ...

SUSE-SU-2025:1024-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Other fixes: - Update to Tomcat 10.1.39 Fixes: + launch with java 17 bsc1239676 Catalina + Fix: 69602: Fix regression in releases from...

Linux Distros Unpatched Vulnerability : CVE-2022-48887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/vmwgfx: Remove rcu locks from user resources User resource lookups used rcu to avoid two extra atomics. Unfortunately the rcu paths were buggy and it was ea...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check the return value of platformgetresourcebyname in the spi-fsl-qspi driver, which could...

SUSE CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: lltemac: platformgetresource replaced by wrong function The function platformgetresource was replaced with devmplatformioremapresourcebyname and is called using 0 as name. This eventually ends up in platformgetresourcebyname...

AZL-40106 CVE-2024-26909 affecting package kernel for versions less than 6.6.29.1-3

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmicglinkaltmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmicglinkaltmode...

DEBIAN-CVE-2024-26909

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmicglinkaltmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmicglinkaltmode...

UBUNTU-CVE-2024-26909

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmicglinkaltmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmicglinkaltmode...

PT-2025-18859 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference issue has been resolved in the Linux kernel. The issue is related to the LRU mechanism, which may look up a resource in the process of being removed from an...

The vulnerability of the Shockwave Player software platform, which allows a hacker to elevate their privileges

The vulnerability of the Shockwave Player software’s DLL hijacking library is related to the unreliable nature of the process for locating critical resources. Exploiting this vulnerability allows a malicious actor to enhance their privileges remotely...

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...