3175 matches found
CVE-2023-53815
In the Linux kernel, the following vulnerability has been resolved: posix-timers: Prevent RT livelock in itimerdelete itimerdelete has a retry loop when the timer is concurrently expired. On non-RT kernels this just spin-waits until the timer callback has completed, except for posix CPU timers...
CVE-2023-53815 posix-timers: Prevent RT livelock in itimer_delete()
In the Linux kernel, the following vulnerability has been resolved: posix-timers: Prevent RT livelock in itimerdelete itimerdelete has a retry loop when the timer is concurrently expired. On non-RT kernels this just spin-waits until the timer callback has completed, except for posix CPU timers...
CVE-2023-53781
CVE-2023-53781 (Linux kernel) : A use-after-free in the TCP timer path when an SMC kernel socket is created and freed; if the parent SMC socket is released with the inner TCP socket not in TCP_CLOSE, inet_csk_destroy_sock() is not called and TCP timers remain active, allowing a use-after-free in ...
CVE-2023-53781 smc: Fix use-after-free in tcp_write_timer_handler().
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcpwritetimerhandler. With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcpwritetimerhandler by kernel TCP sockets. 0 If SMC creates a kernel socket in smccreate, the kernel...
CVE-2023-53781
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcpwritetimerhandler. With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcpwritetimerhandler by kernel TCP sockets. 0 If SMC creates a kernel socket in smccreate, the kernel...
PT-2025-49675
Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description The Linux kernel contains a flaw in the posix-timers functionality, specifically within the itimer delete function. A retry loop within this function, when handling concurrent timer...
Bluetooth: MGMT: cancel mesh send timer when hdev removed
...
SUSE CVE-2025-40284
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed meshsenddone timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like oth...
Linux Distros Unpatched Vulnerability : CVE-2025-40284
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: MGMT: cancel mesh send timer when hdev removed meshsenddone timer is not canceled when hdev is removed, which causes crash if the timer triggers afte...
CVE-2025-40284
A use-after-free vulnerability exists in the Bluetooth MGMT subsystem of the Linux kernel. When a Bluetooth HCI device is removed, the meshsenddone timer is not cancelled. If this timer fires after the device is freed, it accesses freed memory and causes a kernel crash...
EUVD-2025-201571
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed meshsenddone timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like oth...
DEBIAN-CVE-2025-40284
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed meshsenddone timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like oth...
CVE-2025-40284
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed meshsenddone timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like oth...
UBUNTU-CVE-2025-40284
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed meshsenddone timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like oth...
CVE-2025-40284 Bluetooth: MGMT: cancel mesh send timer when hdev removed
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed meshsenddone timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like oth...
CVE-2025-40284 Bluetooth: MGMT: cancel mesh send timer when hdev removed
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed meshsenddone timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like oth...
CVE-2025-40284
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed meshsenddone timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like oth...
CVE-2025-40284
CVE-2025-40284 : In the Linux kernel, Bluetooth MGMT did not cancel the mesh_send_done timer when the hdev was removed, leading to a use-after-free crash (KASAN) if the timer fired after removal. The documented fix cancels the MGMT timer on hdev removal, aligning with other MGMT timers, to preven...
mptcp: fix a race in mptcp_pm_del_add_timer()
...
PT-2025-49385
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's Bluetooth implementation related to mesh sending. Specifically, the mesh send done timer is not properly canceled when a hardware device hdev is...