EUVD-2026-32466

In the Linux kernel, the following vulnerability has been resolved: spi: fix resource leaks on device setup failure Make sure to call controller cleanup if spisetup fails while registering a device to avoid leaking any resources allocated by setup...

CVE-2026-46083 spi: fix resource leaks on device setup failure

In the Linux kernel, the following vulnerability has been resolved: spi: fix resource leaks on device setup failure Make sure to call controller cleanup if spisetup fails while registering a device to avoid leaking any resources allocated by setup...

CVE-2026-46049

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Add fallback to default RSR for S/PDIF spdifpassthruplaybackgetresources uses atc-pllrate as the RSR for the MSR calculation loop. However, pllrate is only updated in atcpllinit and not in hwpllinit, so it remains 0...

EUVD-2026-32415

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in vfiocdxsetmsitrigger. Without this check, userspace can trigger a NULL pointer...

CVE-2026-46004

The CVE-2026-46004 issue affects the Linux kernel ALSA caiaq driver. The probe path in setup_card() mishandled errors (e.g., after snd_card_register()), potentially causing use-after-free in subsequent calls such as snd_usb_caiaq_control_init(). The fix changes setup_card() to return an error cod...

CVE-2026-45939 gpib: Fix memory leak in ni_usb_init()

In the Linux kernel, the following vulnerability has been resolved: gpib: Fix memory leak in niusbinit In niusbinit, if niusbsetupinit fails, the function returns -EFAULT without freeing the allocated writes buffer, leading to a memory leak. Additionally, niusbsetupinit returns 0 on failure, whic...

CVE-2026-45939

CVE-2026-45939 in the Linux kernel’s gpib path (ni_usb_init/ni_usb_setup_init) causes a memory leak: when ni_usb_setup_init() fails, ni_usb_init() returns -EFAULT without freeing the allocated writes buffer. Also, ni_usb_setup_init() can return 0 on failure, leading to an improper -EFAULT in ni_u...

CVE-2026-45848 apparmor: fix NULL sock in aa_sock_file_perm

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL sock in aasockfileperm Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops. The fix for NULL pointer dereference in unixneedsrevalidation shows...

CVE-2026-45848

The CVE-2026-45848 entry concerns the Linux kernel apparmor component, specifically aa_sock_file_perm. The vulnerability arises from handling when sock and sock-sk can be NULL during socket setup or teardown, which could lead to a NULL pointer dereference and an oops. The description notes this i...

PT-2026-43806

In the Linux kernel, the following vulnerability has been resolved: gpib: Fix memory leak in ni usb init In ni usb init, if ni usb setup init fails, the function returns -EFAULT without freeing the allocated writes buffer, leading to a memory leak. Additionally, ni usb setup init returns 0 on...

Linux Distros Unpatched Vulnerability : CVE-2026-46083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: fix resource leaks on device setup failure Make sure to call controller cleanup if spisetup fails while registering a device to avoid leaking any resources...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the caiaq driver’s setupcard function not properly handling error conditions, potentially leading...

PT-2026-43901

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A NULL pointer dereference exists in the interrupt trigger path of the vfio/cdx module. The vfio cdx set msi trigger function fails to validate if Message Signaled Interrupts MSI are...

CVE-2026-46083

spi: fix resource leaks on device setup failure...

Linux Distros Unpatched Vulnerability : CVE-2026-46004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: caiaq: Handle probe errors properly The probe procedure of setupcard in caiaq driver doesn't treat the error cases gracefully, e.g. the error from...

PT-2026-43871

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A Use-After-Free UAF issue exists in the caiaq driver of the Linux kernel. The setup card function does not handle error cas...

PT-2026-43950

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak occurs during device setup failure in the SPI Serial Peripheral Interface subsystem. Specifically, if the spi setup function fails while registering a device, the...

PT-2026-44053

Name of the Vulnerable Software and Affected Versions FileRise versions prior to 3.12.0 Description FileRise is a self-hosted web-based file manager. The endpoint '/api/totp setup.php' can be accessed by a session that has only completed the password verification state pending login user. If the...

PT-2026-43715

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the AppArmor module. Specifically, the aa sock file perm function does not properly handle cases where sock and sock-sk can be NULL during socket set...

PT-2026-43755

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the raid1 run function. This function calls setup conf, which registers a thread using md register thread. If the raid1 set limits function fails, the registered...