CVE-2026-46296

Publié : 8 juin 2026

Modifié : 8 juin 2026

Description détaillée

In the Linux kernel, the following vulnerability has been resolved: spi: s3c64xx: fix NULL-deref on driver unbind A change moving DMA channel allocation from probe() back to s3c64xx_spi_prepare_transfer() failed to remove the corresponding deallocation from remove(). Drop the bogus DMA channel release from remove() to avoid triggering a NULL-pointer dereference on driver unbind. This issue was flagged by Sashiko when reviewing a controller deregistration fix.

Références et Patchs

https://git.kernel.org/stable/c/1108b8722b9ff0cdd3e8aa18d98244fcd93b6760 https://git.kernel.org/stable/c/1b66f16a571a10ba8889ac471755c8af9c5b9266 https://git.kernel.org/stable/c/22788b1a8611380b141e09a8896702e32d164238 https://git.kernel.org/stable/c/323a258f4b1916b5a3098618e036e033b2f2317f https://git.kernel.org/stable/c/45daacbead8a009844bd5dba6cfa731332184d17

Dernières Vulnérabilités

CVE-2026-44541

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue has been patched in version 2.84.5.

VOIR DÉTAILS

CVE-2026-40215

A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.

VOIR DÉTAILS

CVE-2026-11585

A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

VOIR DÉTAILS