CVE-2022-50000
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work. To clear the flow table on flow table free, the following sequence normally happens in order: 1) gc_step work is stopped to disable any further stats/del requests...
SUSE CVE-2025-48945
pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS...
pycares has a Use-After-Free Vulnerability
Summary: pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. Details: Root Cause: The vulnerability stems from improper handling of callback...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free via improper handling of callback references during the destruction of the Channel object. An attacker can cause a fatal interpreter crash by triggering DNS queries that result in the Channel object being garbage collecte...
Astra Linux – Vulnerability in Firefox
It was possible to interrupt the processing of a RegExp bailout and execute additional JavaScript code, potentially triggering garbage collection when the engine did not expect it. This vulnerability has been fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
kernel: keys: Fix UAF in key_put()
In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in key_put(). Once a key's reference count has been reduced to 0, the garbage collector thread may destroy it at any time and so key_put() is not allowed to touch the key after that point. The most key_put() is normally allow...
CVE-2024-7530
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox 129...
CVE-2024-3853
A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox 125...
CVE-2024-3856
A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox 125...
CVE-2023-48184
QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures...
CVE-2020-14163
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in...
CVE-2011-1844
Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remote attackers to cause a denial of service (memory consumption) via an application involving a popup control and a custom DependencyProperty property, related to lack of garbage collection...
kernel: net: bridge: mcast: wait for previous gc cycles when removing port
A possible use-after-free was found in the Linux kernel in net/bridge/br_multicast.c...
Browser Security Posture Analysis: a Client-Side Security Assessment Framework
Modern web browsers have effectively become the new operating system for business applications, yet their security posture is often under-scrutinized. This paper presents a novel, comprehensive Browser Security Posture Analysis Framework, a browser-based client-side security assessment toolkit...
SUSE CVE-2025-23130
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic once fallocation fails for pinfile. syzbot reports a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2746! CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted...
SUSE CVE-2025-21959
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree(). Since commit b36e4523d4d5 ("netfilter: nf_conncount: fix garbage collection confirm race"), cpu and jiffies32 were introduced to the struct...
DEBIAN-CVE-2025-21893
In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in key_put(). Once a key's reference count has been reduced to 0, the garbage collector thread may destroy it at any time and so key_put() is not allowed to touch the key after that point. The most key_put() is normally allow...
CVE-2025-21893
In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in key_put(). Once a key's reference count has been reduced to 0, the garbage collector thread may destroy it at any time and so key_put() is not allowed to touch the key after that point. The most key_put() is normally allow...
SUSE CVE-2022-49738
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_extra_isize in is_alive(). syzbot found a f2fs bug: BUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline] BUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline] BUG: KASA...
PT-2025-13549
Name of the Vulnerable Software and Affected Versions: HDF5 versions up to 1.14.6. Description: An issue was found in the function H5FL blk gc list of the file src/H5FL.c. The manipulation of the argument H5FL blk head t leads to use after free. An attack has to be approached locally. The exploit has...