2566 matches found
kernel: memory leak in ipv6_renew_options()
A memory leak flaw was found in the Linux kernel’s IPv6 functionality in how a user triggers the setsockopt of the IPV6_ADDRFORM and IPV6_DSTOPTS type. This flaw allows a user to crash the system if the setsockopt function is being called simultaneously with the IPV6_ADDRFORM type and other processe...
kernel: dm integrity: Fix UAF in dm_integrity_dtr()
A use-after-free vulnerability was found in the Linux kernel's device mapper integrity subsystem. When dm_resume and dm_destroy execute concurrently, a timer may fire and access freed memory because dm_integrity_dtr did not properly cancel the timer before freeing resources. The fix adds an additiona...
kernel: drm/i915/reset: Fix error_state_read ptr + offset use
In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix error_state_read ptr + offset use. Fix our pointer offset usage in error_state_read when there is no i915_gpu_coredump but buf offset is non-zero. This fixes a kernel page fault that can happen when multiple tests are...
kernel: race condition in xfrm_probe_algs can lead to OOB read/write
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...
kernel: dm cache: Fix UAF in destroy()
In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy(). Dm_cache also has the same UAF problem when dm_resume and dm_destroy are concurrent. Therefore, cancelling timer again in destroy...
kernel: dm thin: Fix UAF in run_timer_softirq()
In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in run_timer_softirq(). When dm_resume and dm_destroy are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in __run_timers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0 Cal...
PT-2025-26012 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, related to the block layer and the blk-rq-qos framework. The issue occurs when the io.cost.qos file is written by two CPUs...
PT-2025-8531 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A data-race issue exists in the Linux kernel related to sysctl_tcp_mtu_probing. This issue occurs because the value of sysctl_tcp_mtu_probing can be changed concurrently while it is...
PT-2025-8519 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A data-race issue exists around sysctl_tcp_fastopen in the Linux kernel. The value of sysctl_tcp_fastopen can be changed concurrently while it is being read, which requires the use of...
PT-2025-8513 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A data-race issue exists around sysctl_fib_multipath_use_neigh. The value of sysctl_fib_multipath_use_neigh can be changed concurrently while it is being read, which requires the use o...
PT-2025-8532 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A data-race issue exists in the Linux kernel related to the sysctl_tcp_l3mdev_accept variable. This issue occurs because the variable can be changed concurrently while being read, whic...
UBUNTU-CVE-2023-31141
OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not...
Siemens SCALANCE XCM332 Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2022-1729)
A race condition was found in the Linux kernel in perf_event_open which can be exploited by an unprivileged user to gain root privileges. The bug allows building several exploit primitives such as kernel address information leak, arbitrary execution, etc. This plugin only works with Tenable.ot. Please...
Siemens TIM 4R-IE Devices Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2016-4954)
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication...
PT-2025-53177
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue exists in the qedi driver within the Linux kernel. The issue occurs in the qedi_remove function, potentially triggered by concurrent execution of qedi recovery...
DEBIAN-CVE-2023-29132
Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line...
CVE-2023-29132
Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line...
Siemens SCALANCE W1750D Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2021-25158)
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant...
RUSTSEC-2023-0031 Initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
`Once::try_call_once` is unsound if invoked more than once concurrently and any call fails to initialise successfully...
Initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
`Once::try_call_once` is unsound if invoked more than once concurrently and any call fails to initialise successfully...