DEBIAN-CVE-2023-4133

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flowerstatstimer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition...

UBUNTU-CVE-2023-4133

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flowerstatstimer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition...

Linux kernel resource management error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue discovered in the cxgb4 driver, which crashes the system and results in a denial ...

FSMLabs TimeKeeper 安全漏洞

FSMLabs TimeKeeper is a platform from FSMLabs, Inc. that provides enterprise-grade time allocation, clock synchronization and monitoring. A security vulnerability exists in FSMLabs TimeKeeper versions 8.0.17 through 8.0.28, which stems from a getsamplebacklog call that can be found by interceptin...

DEBIAN-CVE-2023-3773

A flaw was found in the Linux kernel’s IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAPNETADMIN privileges to cause a 4 byte out-of-bounds read of XFRMAMTIMERTHRESH when parsing netlink attributes, leading to potential leakage of sensitive heap...

PT-2025-40716

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s wifi subsystem, specifically within the rtw88 driver. The issue involves a potential crash and memory leak during driver unloading. This occurs becaus...

Linux kernel 缓冲区错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a 4-byte out-of-bounds read of XFRMAMTIMERTHRESH when parsing...

The vulnerability of the B.A.T.M.A.N. network interface in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the B.A.T.M.A.N. network interface in the Linux operating system is related to incorrect synchronization between the processes of removing network devices and executing delayed tasks in the batadvdatstarttimer function within the distributedarptable.c module. Exploiting this...

CVE-2023-24826 Usage of Uninitialized Timer during forwarding of Fragments with SFR

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issu...

kernel: dm integrity: Fix UAF in dm_integrity_dtr()

A use-after-free vulnerability was found in the Linux kernel's device mapper integrity subsystem. When dmresume and dmdestroy execute concurrently, a timer may fire and access freed memory because dmintegritydtr did not properly cancel the timer before freeing resources. The fix adds an additiona...

kernel: dm thin: Fix UAF in run_timer_softirq()

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in runtimersoftirq When dmresume and dmdestroy are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in runtimers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0 Cal...

kernel: dm cache: Fix UAF in destroy()

In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy Dmcache also has the same UAF problem when dmresume and dmdestroy are concurrent. Therefore, cancelling timer again in destroy...

kernel: dm cache: Fix UAF in destroy()

In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy Dmcache also has the same UAF problem when dmresume and dmdestroy are concurrent. Therefore, cancelling timer again in destroy...

kernel: rxrpc: fix a race in rxrpc_exit_net()

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix a race in rxrpcexitnet Current code can lead to the following race: CPU0 CPU1 rxrpcexitnet rxrpcpeerkeepaliveworker if rxnet-live rxnet-live = false; deltimersync&rxnet-peerkeepalivetimer;...

kernel: dm integrity: Fix UAF in dm_integrity_dtr()

A use-after-free vulnerability was found in the Linux kernel's device mapper integrity subsystem. When dmresume and dmdestroy execute concurrently, a timer may fire and access freed memory because dmintegritydtr did not properly cancel the timer before freeing resources. The fix adds an additiona...

kernel: dm clone: Fix UAF in clone_dtr()

A use-after-free vulnerability was found in the device-mapper clone target. When dmresume and dmdestroy execute concurrently, a timer may fire after the clone target structure has been freed, leading to use-after-free...

kernel: dm thin: Fix UAF in run_timer_softirq()

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in runtimersoftirq When dmresume and dmdestroy are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in runtimers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0 Cal...

kernel: KVM: x86/xen: Initialize Xen timer only once

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Initialize Xen timer only once Add a check for existing xen timers before initializing a new one. Currently kvmxeninittimer is called on every KVMXENVCPUATTRTYPETIMER, which is causing the following ODEBUG crash whe...

kernel: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works

n the Linux kernel’s Bluetooth subsystem there is a flaw in the way Bluetooth HCI work items are queued. Under certain conditions, work associated with command timeouts hdev-cmd,ncmdtimer could be scheduled on the wrong workqueue while the intended workqueue is being drained. This occurs because...

CLSA-2023-1683146027 kernel: Fix of 23 CVEs

media: rc: Fix use-after-free bugs caused by enetxirqsim CVE-2023-1118 - net: mpls: fix stale pointer if allocation fails during device rename CVE-2023-26545 - net/ulp: prevent ULP without clone op from entering the LISTEN status CVE-2023-0461 - Bluetooth: L2CAP: Fix u8 overflow CVE-2022-45934 -...