Kernel: netfilter: nf_tables_newrule when adding a rule with nfta_rule_chain_id leads to use-after-free
...
PT-2025-53067
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5.0-rc1+ 279 Description The Linux kernel contains a flaw in the ext4 file system implementation, specifically within the ext4_mb_new_inode_pa function. A calculation error during extent allocation can lead to ...
PT-2025-53058
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5.0-rc1-dirty 1236 Description A flaw exists in the Linux kernel's iommufd subsystem related to handling batch carry operations. Specifically, the end variable was not being set correctly, leading to a potentia...
PT-2025-52984
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's IIO core that can lead to an invalid memory access when a device lacks a parent. A commit intended to improve label retrieval during device registrati...
kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
A use-after-free flaw was found in the Linux kernel's implementation of the Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack, in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could...
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235); kernel: netfilter: use-after-free in nftables when processing batch...
Exploit for Improper Validation of Array Index in Linux Linux_Kernel
CVE-2023-2008 Proof of concept exploit for CVE-2023-2008, a b...
kernel: net/mlx5: Fix possible use-after-free in async command interface
A flaw was found in the net/mlx5 subsystem of the Linux kernel where a race condition in the asynchronous command interface can lead to a use-after-free condition. The function mlx5_cmd_cleanup_async_ctx may return before all callback handlers have completed, allowing the context to be freed while...
kernel: ASoC: pxa: fix null-pointer dereference in filter()
A flaw was found in the Linux kernel ASoC pxa audio driver. The function filter used kasprintf to allocate a formatted string but did not check whether the allocation succeeded before passing the result to strcmp. If memory allocation fails and kasprintf returns NULL, this results in a NULL point...
kernel: ext4: kernel bug in ext4_write_inline_data_end()
A flaw was found in the openEuler kernel in Linux filesystem modules that allows an integer overflow via mounting a corrupted filesystem. This issue affects the openEuler kernel in versions from 4.19.90 through 4.19.90-2401.3 and 5.10.0-60.18.0 through 5.10.0-183.0.0...
kernel: scsi: target: iscsi: Fix a race condition between login_work and the login thread
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between login_work and the login thread. In case a malicious initiator sends some random data immediately after a login PDU; the iscsi_target_sk_data_ready callback will schedule the login_work...
kernel: dm cache: free background tracker's queued work in btracker_destroy
A memory leak was found in the device-mapper cache target in the Linux kernel. The btracker_destroy function fails to free queued work items from the background tracker before destroying the slab cache. This triggers a BUG when kmemcacheshutdown finds objects still remaining...
PT-2025-26062 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the RDMA/siw component. The issue occurs when the siw_recv_mpa_rr function returns -EAGAIN, indicating that the MPA...
CVE-2023-0210
A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems...
SUSE CVE-2006-0554
Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data...
SUSE CVE-2009-1298
The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly...
SUSE CVE-2016-9756
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...
PT-2023-35090 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.7 Description: A bug was fixed in the Linux Kernel that occurs when unloading amdgpu. The actual impact and attack plausibility of this issue have not yet been proven. Recommendations: For Linux Kernel...
io_uring Same Type Object Reuse Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'io_uring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in io_uring leading to an additional put_cred that can be...