61 matches found
CVE-2023-52983 block, bfq: fix uaf for bfqq in bic_set_bfqq()
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bicsetbfqq After commit 64dc8c732f5c "block, bfq: fix possible uaf for 'bfqq-bic'", bic-bfqq will be accessed in bicsetbfqq, however, in some context bic-bfqq will be freed, and bicsetbfqq is calle...
CVE-2023-52983 block, bfq: fix uaf for bfqq in bic_set_bfqq()
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bicsetbfqq After commit 64dc8c732f5c "block, bfq: fix possible uaf for 'bfqq-bic'", bic-bfqq will be accessed in bicsetbfqq, however, in some context bic-bfqq will be freed, and bicsetbfqq is calle...
block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
...
DEBIAN-CVE-2025-21631
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix wakerbfqq UAF after bfqsplitbfqq Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfqinitrq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr ffff8881b57147d8 by task...
UBUNTU-CVE-2025-21631
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix wakerbfqq UAF after bfqsplitbfqq Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfqinitrq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr ffff8881b57147d8 by task...
DEBIAN-CVE-2024-53182
In the Linux kernel, the following vulnerability has been resolved: Revert "block, bfq: merge bfqreleaseprocessref into bfqputcooperator" This reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de. The bic is associated with syncbfqq, and bfqreleaseprocessref cannot be put into bfqputcooperator...
CVE-2024-53166
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfqlimitdepth Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd-lock, however bfqlimitdepth is deferencing bfqq from bic without the lock, this can lead to UAF if t...
UBUNTU-CVE-2024-53182
In the Linux kernel, the following vulnerability has been resolved: Revert "block, bfq: merge bfqreleaseprocessref into bfqputcooperator" This reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de. The bic is associated with syncbfqq, and bfqreleaseprocessref cannot be put into bfqputcooperator...
CVE-2024-53166 block, bfq: fix bfqq uaf in bfq_limit_depth()
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfqlimitdepth Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd-lock, however bfqlimitdepth is deferencing bfqq from bic without the lock, this can lead to UAF if t...
block bfq: fix possible UAF for bfqq->bic with merge chain
...
AZL-50850 CVE-2024-49854 affecting package kernel for versions less than 6.6.56.1-5
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing wakerbfqq after splitting After commit 42c306ed7233 "block, bfq: don't break merge chain in bfqsplitbfqq", if the current procress is the last holder of bfqq, the bfqq can be freed after...
CVE-2024-47706
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq-bic with merge chain 1 initial state, three tasks: Process 1 Process 2 Process 3 BIC1 BIC2 BIC3 | Λ | Λ | Λ | | | | | | V | V | V | bfqq1 bfqq2 bfqq3 process ref: 1 1 1 2 bfqq1 merged to bfqq...
DEBIAN-CVE-2024-47706
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq-bic with merge chain 1 initial state, three tasks: Process 1 Process 2 Process 3 BIC1 BIC2 BIC3 | Λ | Λ | Λ | | | | | | V | V | V | bfqq1 bfqq2 bfqq3 process ref: 1 1 1 2 bfqq1 merged to bfqq...
CVE-2024-47706
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq-bic with merge chain 1 initial state, three tasks: Process 1 Process 2 Process 3 BIC1 BIC2 BIC3 | Λ | Λ | Λ | | | | | | V | V | V | bfqq1 bfqq2 bfqq3 process ref: 1 1 1 2 bfqq1 merged to bfqq...
CVE-2024-47706
Markdown: CVE-2024-47706 is tied to a Linux kernel issue in the bfq/I/O scheduler where an UAF could occur when bfqq structures are merged across BICs (bfqq1 → bfqq2 → bfqq3). The connected Astra Linux bulletin reproduces the scenario: on insert, a bfqq handle is obtained from the merge chain, bu...
CVE-2024-47706 block, bfq: fix possible UAF for bfqq->bic with merge chain
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq-bic with merge chain 1 initial state, three tasks: Process 1 Process 2 Process 3 BIC1 BIC2 BIC3 | Λ | Λ | Λ | | | | | | V | V | V | bfqq1 bfqq2 bfqq3 process ref: 1 1 1 2 bfqq1 merged to bfqq...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue that may occur when the bfq module in the block layer accesses wakerbfqq after...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel that stems from a potential post-release reuse issue with the bfqq-bic merge chain in the block, bfq subsystem...
GSD-2023-1002043 block, bfq: fix uaf for bfqq in bic_set_bfqq()
block, bfq: fix uaf for bfqq in bicsetbfqq This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.93 by commit...
GSD-2023-1001882 block, bfq: fix uaf for bfqq in bic_set_bfqq()
block, bfq: fix uaf for bfqq in bicsetbfqq This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.11 by commit...