Total
6830 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-38555 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-08 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to NULL. Then it will return a failure to the upper-level function. 2. in func configfs_composite_bind() -> composite_dev_cleanup(): it will checks whether cdev->os_desc_req is NULL. If it is not NULL, it will attempt to use it.This will lead to a use-after-free issue. BUG: KASAN: use-after-free in composite_dev_cleanup+0xf4/0x2c0 Read of size 8 at addr 0000004827837a00 by task init/1 CPU: 10 PID: 1 Comm: init Tainted: G O 5.10.97-oh #1 kasan_report+0x188/0x1cc __asan_load8+0xb4/0xbc composite_dev_cleanup+0xf4/0x2c0 configfs_composite_bind+0x210/0x7ac udc_bind_to_driver+0xb4/0x1ec usb_gadget_probe_driver+0xec/0x21c gadget_dev_desc_UDC_store+0x264/0x27c | ||||
| CVE-2025-20779 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-08 | 7 High |
| In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184084; Issue ID: MSV-4720. | ||||
| CVE-2025-20780 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-08 | 7.8 High |
| In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184061; Issue ID: MSV-4712. | ||||
| CVE-2025-20781 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-08 | 7.8 High |
| In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699. | ||||
| CVE-2025-20785 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-08 | 6.7 Medium |
| In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677. | ||||
| CVE-2025-20786 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-08 | 6.7 Medium |
| In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673. | ||||
| CVE-2025-20787 | 2 Google, Mediatek | 31 Android, Mt2718, Mt6739 and 28 more | 2026-01-08 | 6.7 Medium |
| In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149879; Issue ID: MSV-4658. | ||||
| CVE-2025-20799 | 2 Google, Mediatek | 5 Android, Mt6899, Mt6991 and 2 more | 2026-01-08 | 7.8 High |
| In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10274607; Issue ID: MSV-5049. | ||||
| CVE-2025-20802 | 2 Google, Mediatek | 7 Android, Mt6991, Mt8196 and 4 more | 2026-01-08 | 6.7 Medium |
| In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10238968; Issue ID: MSV-4914. | ||||
| CVE-2025-20804 | 2 Google, Mediatek | 3 Android, Mt6899, Mt6991 | 2026-01-08 | 6.7 Medium |
| In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10198951; Issue ID: MSV-4503. | ||||
| CVE-2025-20805 | 2 Google, Mediatek | 4 Android, Mt6899, Mt6991 and 1 more | 2026-01-08 | 6.7 Medium |
| In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114696; Issue ID: MSV-4480. | ||||
| CVE-2025-20806 | 2 Google, Mediatek | 4 Android, Mt6899, Mt6991 and 1 more | 2026-01-08 | 6.7 Medium |
| In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114835; Issue ID: MSV-4479. | ||||
| CVE-2026-21675 | 1 Internationalcolorconsortium | 1 Iccdev | 2026-01-08 | 9.8 Critical |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create() function, where it deletes the hint. This issue is fixed in version 2.3.1.1. | ||||
| CVE-2026-21486 | 1 Internationalcolorconsortium | 1 Iccdev | 2026-01-08 | 7.8 High |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write vulnerabilities in its CIccSparseMatrix::CIccSparseMatrix function. This issue is fixed in version 2.3.1.2. | ||||
| CVE-2025-47333 | 1 Qualcomm | 1 Snapdragon | 2026-01-08 | 6.6 Medium |
| Memory corruption while handling buffer mapping operations in the cryptographic driver. | ||||
| CVE-2025-47337 | 1 Qualcomm | 1 Snapdragon | 2026-01-08 | 6.7 Medium |
| Memory corruption while accessing a synchronization object during concurrent operations. | ||||
| CVE-2025-47339 | 1 Qualcomm | 1 Snapdragon | 2026-01-08 | 7.8 High |
| Memory corruption while deinitializing a HDCP session. | ||||
| CVE-2025-47336 | 1 Qualcomm | 1 Snapdragon | 2026-01-08 | 6.7 Medium |
| Memory corruption while performing sensor register read operations. | ||||
| CVE-2025-38724 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-08 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM could race with a confirmed client expiring and fail to get a reference. That could later lead to a UAF. Fix this by getting a reference early in the case where there is an extant confirmed client. If that fails then treat it as if there were no confirmed client found at all. In the case where the unconfirmed client is expiring, just fail and return the result from get_client_locked(). | ||||
| CVE-2025-61662 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Openshift | 2026-01-08 | 4.9 Medium |
| A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded. | ||||