1079 matches found
kernel: mt76: fix use-after-free by removing a non-RCU wcid pointer
A vulnerability was found in the Linux kernel's mt76 wi-fi driver. A concurrency bug causes the mtxq TX queue to maintain a raw pointer to a wcid structure mtxq-wcid that might be freed by the time it is accessed. This issue can lead to a use-after-free scenario, leading to system instability,...
kernel: mt76: fix use-after-free by removing a non-RCU wcid pointer
A vulnerability was found in the Linux kernel's mt76 wi-fi driver. A concurrency bug causes the mtxq TX queue to maintain a raw pointer to a wcid structure mtxq-wcid that might be freed by the time it is accessed. This issue can lead to a use-after-free scenario, leading to system instability,...
kernel: wifi: mac80211: Fix UAF in ieee80211_scan_rx()
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211scanrx ieee80211scanrx tries to access scanreq-flags after a null check, but a UAF is observed when the scan is completed and ieee80211scancompleted executes, which then calls cfg80211scandone...
kernel: netfilter: nf_tables: netlink notifier might race to release objects
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: netlink notifier might race to release objects commit release path is invoked via callrcu and it runs lockless to release the objects after rcu grace period. The netlink notifier handler might win race to...
SUSE CVE-2006-1523
The groupcompletesignal function in the RCU signal handling signal.c in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUGON...
SUSE CVE-2015-1465
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update RCU grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service memory consumption or system crash via a flood of...
SUSE CVE-2019-19036
btrfsrootnode in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcudereferenceroot-node can be zero...
PT-2023-33146 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue concerns the nvme ns head list in the Linux Kernel, specifically with regards to SRCU protection. The actual impact and potential for attack have not been proven yet...
PT-2025-37672
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.25-android14-5-maybe-dirty-mainline Description The Linux kernel contained an issue where the detection of atomic context was insufficient, potentially leading to problems when z erofs decompressqueue endio w...
kernel: inet: fully convert sk->sk_rx_dst to RCU rules
A use-after-free vulnerability was found in the TCP IP protocol in the Linux Kernel, where a delete operation of the RCU-protected pointer is supposed to clear the pointer before the callrcu/synchronizercu guarding the actual memory freeing. This flaw allows a local attacker to crash the system o...
kernel: inet: fully convert sk->sk_rx_dst to RCU rules
A use-after-free vulnerability was found in the TCP IP protocol in the Linux Kernel, where a delete operation of the RCU-protected pointer is supposed to clear the pointer before the callrcu/synchronizercu guarding the actual memory freeing. This flaw allows a local attacker to crash the system o...
CVE-2022-20153
In rcucblistdequeue of rcusegcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroi...
CLSA-2022-1650377052 Fix of CVE: CVE-2022-28390, CVE-2021-3609
can: emsusb: emsusbstartxmit: fix double devkfreeskb in error path ELSCVE-3847 CVE-2022-28390 - can: bcm: delay release of struct bcmop after synchronizercu ELSCVE-1694 CVE-2021-3609...
Linux kernel 竞争条件问题漏洞
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by an attacker to trigger a memory corruption in the Linux kernel via RCU file reference GC to trigger a denial of service and possibly run...
PT-2024-11317 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use-after-free vulnerability in the arch topology component of the Linux kernel. The topology scale freq tick function, which is called from scheduler tick, m...
PT-2024-11232 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.13 Description: The issue is related to a null pointer dereference in the Linux kernel's bridge tunnel due to lockless access in the tunnel egress path. When a VLAN tunnel is deleted, the tunnel dst pointer...
XENMEM_aquire_resources Error Path DoS (XSA-334)
A denial of service DoS vulnerability exists in Xen servers XENMEMacquireresource due to an error path exiting without releasing an RCU Read, Copy, Update reference. An authenticated, local attacker can exploit this issue, via a malicious HVM stubdomain which can cause an RCU reference to be...
ALPINE-CVE-2020-25598
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEMacquireresource error path. The RCU Read, Copy, Update mechanism is a synchronisation primitive. A buggy error path in the XENMEMacquireresource exits without releasing an RCU reference, which is conceptually similar to...
PT-2015-5305 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.18.8 Description: The issue is related to the IPv4 implementation in the Linux kernel, which does not properly consider the length of the Read-Copy Update RCU grace period for redirecting lookups in the absenc...