Lucene search
K

1079 matches found

RedHat Linux
RedHat Linux
added 2023/05/16 8:56 a.m.3 views

kernel: mt76: fix use-after-free by removing a non-RCU wcid pointer

A vulnerability was found in the Linux kernel's mt76 wi-fi driver. A concurrency bug causes the mtxq TX queue to maintain a raw pointer to a wcid structure mtxq-wcid that might be freed by the time it is accessed. This issue can lead to a use-after-free scenario, leading to system instability,...

7.8CVSS6.8AI score0.00284EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.3 views

kernel: mt76: fix use-after-free by removing a non-RCU wcid pointer

A vulnerability was found in the Linux kernel's mt76 wi-fi driver. A concurrency bug causes the mtxq TX queue to maintain a raw pointer to a wcid structure mtxq-wcid that might be freed by the time it is accessed. This issue can lead to a use-after-free scenario, leading to system instability,...

7.8CVSS6.8AI score0.00284EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.3 views

kernel: wifi: mac80211: Fix UAF in ieee80211_scan_rx()

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211scanrx ieee80211scanrx tries to access scanreq-flags after a null check, but a UAF is observed when the scan is completed and ieee80211scancompleted executes, which then calls cfg80211scandone...

7.8CVSS6.3AI score0.00159EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.4 views

kernel: netfilter: nf_tables: netlink notifier might race to release objects

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: netlink notifier might race to release objects commit release path is invoked via callrcu and it runs lockless to release the objects after rcu grace period. The netlink notifier handler might win race to...

4.7CVSS6.6AI score0.00115EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.5 views

SUSE CVE-2006-1523

The groupcompletesignal function in the RCU signal handling signal.c in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUGON...

10CVSS7AI score0.02549EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.4 views

SUSE CVE-2015-1465

The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update RCU grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service memory consumption or system crash via a flood of...

7.8CVSS6.5AI score0.06511EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.5 views

SUSE CVE-2019-19036

btrfsrootnode in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcudereferenceroot-node can be zero...

5.5CVSS6.6AI score0.01841EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.4 views

PT-2023-33146 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue concerns the nvme ns head list in the Linux Kernel, specifically with regards to SRCU protection. The actual impact and potential for attack have not been proven yet...

7.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/01 12:0 a.m.9 views

PT-2025-37672

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.25-android14-5-maybe-dirty-mainline Description The Linux kernel contained an issue where the detection of atomic context was insufficient, potentially leading to problems when z erofs decompressqueue endio w...

5.5CVSS5.4AI score0.00127EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2022/11/15 11:55 a.m.7 views

kernel: inet: fully convert sk->sk_rx_dst to RCU rules

A use-after-free vulnerability was found in the TCP IP protocol in the Linux Kernel, where a delete operation of the RCU-protected pointer is supposed to clear the pointer before the callrcu/synchronizercu guarding the actual memory freeing. This flaw allows a local attacker to crash the system o...

7.8CVSS6.5AI score0.00451EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/11/08 9:32 a.m.3 views

kernel: inet: fully convert sk->sk_rx_dst to RCU rules

A use-after-free vulnerability was found in the TCP IP protocol in the Linux Kernel, where a delete operation of the RCU-protected pointer is supposed to clear the pointer before the callrcu/synchronizercu guarding the actual memory freeing. This flaw allows a local attacker to crash the system o...

7.8CVSS6.5AI score0.00451EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/06/15 2:15 p.m.5 views

CVE-2022-20153

In rcucblistdequeue of rcusegcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroi...

7.2CVSS7AI score0.00123EPSS
Exploits0References2
OSV
OSV
added 2022/04/19 2:4 p.m.7 views

CLSA-2022-1650377052 Fix of CVE: CVE-2022-28390, CVE-2021-3609

can: emsusb: emsusbstartxmit: fix double devkfreeskb in error path ELSCVE-3847 CVE-2022-28390 - can: bcm: delay release of struct bcmop after synchronizercu ELSCVE-1694 CVE-2021-3609...

7.8CVSS6.8AI score0.00431EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/01/07 12:0 a.m.2 views

Linux kernel 竞争条件问题漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by an attacker to trigger a memory corruption in the Linux kernel via RCU file reference GC to trigger a denial of service and possibly run...

7CVSS6.7AI score0.0031EPSS
Exploits0References71
Positive Technologies
Positive Technologies
added 2021/07/01 12:0 a.m.6 views

PT-2024-11317 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use-after-free vulnerability in the arch topology component of the Linux kernel. The topology scale freq tick function, which is called from scheduler tick, m...

7.8CVSS6.6AI score0.0023EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2021/06/10 12:0 a.m.6 views

PT-2024-11232 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.13 Description: The issue is related to a null pointer dereference in the Linux kernel's bridge tunnel due to lockless access in the tunnel egress path. When a VLAN tunnel is deleted, the tunnel dst pointer...

7.8CVSS7AI score0.03558EPSS
Exploits0References136
Tenable Nessus
Tenable Nessus
added 2021/01/07 12:0 a.m.33 views

XENMEM_aquire_resources Error Path DoS (XSA-334)

A denial of service DoS vulnerability exists in Xen servers XENMEMacquireresource due to an error path exiting without releasing an RCU Read, Copy, Update reference. An authenticated, local attacker can exploit this issue, via a malicious HVM stubdomain which can cause an RCU reference to be...

5.5CVSS6.2AI score0.00416EPSS
Exploits0References2
OSV
OSV
added 2020/09/23 10:15 p.m.4 views

ALPINE-CVE-2020-25598

An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEMacquireresource error path. The RCU Read, Copy, Update mechanism is a synchronisation primitive. A buggy error path in the XENMEMacquireresource exits without releasing an RCU reference, which is conceptually similar to...

5.5CVSS6.7AI score0.00416EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2015/02/05 12:0 a.m.7 views

PT-2015-5305 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.18.8 Description: The issue is related to the IPv4 implementation in the Linux kernel, which does not properly consider the length of the Read-Copy Update RCU grace period for redirecting lookups in the absenc...

10CVSS7.7AI score0.37679EPSS
Exploits44References268
Rows per page
Query Builder