CVE-2026-46815

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

SUSE CVE-2026-43229

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix device cleanup order to prevent kernel panic Move video device unregistration to the beginning of the remove function to ensure all video operations are stopped before cleaning up the worker thread...

CVE-2026-43290 media: uvcvideo: Return queued buffers on start_streaming() failure

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Return queued buffers on startstreaming failure Return buffers if streaming fails to start due to uvcpmget error. This bug may be responsible for a warning I got running while :; do yavta -c3 /dev/video0; done on...

CVE-2026-43189

A flaw was found in the v4l2-async component of the Linux kernel. Improper error handling during asynchronous video device matching can lead to a null pointer dereference. This issue could allow a local attacker to trigger a system crash, resulting in a Denial of Service DoS...

EUVD-2026-27792

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix device cleanup order to prevent kernel panic Move video device unregistration to the beginning of the remove function to ensure all video operations are stopped before cleaning up the worker thread...

EUVD-2026-27790

In the Linux kernel, the following vulnerability has been resolved: media: radio-keene: fix memory leak in error path Fix a memory leak in usbkeeneprobe. The v4l2 control handler is initialized and controls are added, but if v4l2deviceregister or videoregisterdevice fails afterward, the handler w...

CVE-2026-43229

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix device cleanup order to prevent kernel panic Move video device unregistration to the beginning of the remove function to ensure all video operations are stopped before cleaning up the worker thread...

CVE-2026-43229 media: chips-media: wave5: Fix device cleanup order to prevent kernel panic

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix device cleanup order to prevent kernel panic Move video device unregistration to the beginning of the remove function to ensure all video operations are stopped before cleaning up the worker thread...

PT-2026-37569

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix device cleanup order to prevent kernel panic Move video device unregistration to the beginning of the remove function to ensure all video operations are stopped before cleaning up the worker thread...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - media: meson: vdec: fixed a possible refcount leak in vdecprobe - v4l2deviceunregister must be called to reset the refcount obtained by v4l2deviceregister when vdecprobe fails or vdecremove is called...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: move videodevalloc. Some code has been moved out of zr36057init, and new functions have been created to handle zr-videodev. This allows for easier code reading and fixes a memory leak related to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: ov2740: Fixed a memory leak in ov2740initcontrols There is a memory leak when testing the media/i2c/ov2740.c file using bpf mock. Unreferenced object: 0xffff8881090e19e0 size 16: Command: “51-i2c-ov2740”, PID 278, jiffies...

CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()

In the Linux kernel, the following vulnerability has been resolved: media: em28xx: fix use-after-free in em28xxv4l2open em28xxv4l2open reads dev-v4l2 without holding dev-lock, creating a race with em28xxv4l2init's error path and em28xxv4l2fini, both of which free the em28xxv4l2 struct and set...

CVE-2026-31576

CVE-2026-31576 affects the Linux kernel hackrf driver. A race condition allows use-after-free and double-free when memory for the hackrf device is freed on the error path after probe() has registered the device. Open file descriptors and in-flight I/O can still reference the device while v4l2/vid...

CVE-2026-31576

In the Linux kernel, the following vulnerability has been resolved: media: hackrf: fix to not free memory after the device is registered in hackrfprobe In hackrf driver, the following race condition occurs: CPU0 CPU1 hackrfprobe kzalloc; // alloc hackrfdev .... v4l2deviceregister; .... fd =...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013492 advisory. In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set devicecaps for 417 The videodevice for the MPEG encoder did not set devicecap...

PT-2026-34378

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the media mc and v4l2 components where MEDIA REQUEST IOC REINIT can run concurrently with VIDIOC REQBUFS0 queue teardown paths. This concurrency can cause...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007401)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007401 advisory. In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvrprobe The error handling code in pvr2hdwcreate forgets to...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38044)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38044 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set devicecaps for 417 T...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004200)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004200 advisory. An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions whe...