3968 matches found
CVE-2023-53802
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htchst: free skb in ath9khtcrxmsg if there is no callback function It is stated that ath9khtcrxmsg either frees the provided skb or passes its management to another callback function. However, the skb is not freed in...
CVE-2022-50632
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: marvellcn10k: Fix hotplug callback leak in tadpmuinit tadpmuinit won't remove the callback added by cpuhpsetupstatemulti when platformdriverregister failed. Remove the callback by cpuhpremovemultistate in fail path...
UBUNTU-CVE-2022-50650
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference state management for synchronous callbacks Currently, verifier verifies callback functions sync and async as if they will be executed once, i.e. it explores execution state as if the function was being called...
CVE-2023-53802
CVE-2023-53802 affects the Linux kernel driver wifi/ath9k (htc_hst) where skb memory was not freed when there is no callback function in ath9k_htc_rx_msg(); Syzkaller reported a memory leak. The connected advisories for Unity Linux/SUSE summarize the fix as resolving this by ensuring skb is freed...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ath9khtcrxmsg not freeing the skb when there is no callback function, which could lead to a memory leak...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a hot-plug callback leak that could lead to improper resource management...
CVE-2022-50632
CVE-2022-50632 affects the Linux kernel, specifically the perf driver for Marvell CN10K. The vulnerability is a hotplug callback leak in tad_pmu_init() where the callback added by cpuhp_setup_state_multi() is not removed if platform_driver_register() fails. The fix removes the callback in the fai...
CVE-2022-50632 drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init()
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: marvellcn10k: Fix hotplug callback leak in tadpmuinit tadpmuinit won't remove the callback added by cpuhpsetupstatemulti when platformdriverregister failed. Remove the callback by cpuhpremovemultistate in fail path...
CVE-2022-50632 drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init()
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: marvellcn10k: Fix hotplug callback leak in tadpmuinit tadpmuinit won't remove the callback added by cpuhpsetupstatemulti when platformdriverregister failed. Remove the callback by cpuhpremovemultistate in fail path...
CVE-2022-50632
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: marvellcn10k: Fix hotplug callback leak in tadpmuinit tadpmuinit won't remove the callback added by cpuhpsetupstatemulti when platformdriverregister failed. Remove the callback by cpuhpremovemultistate in fail path...
UBUNTU-CVE-2023-53746
In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: fix memory leak in vfioap device driver The device release callback function invoked to release the matrix device uses the devgetdrvdatadevice dev function to retrieve the pointer to the vfiomatrixdev object in orde...
CVE-2023-53746 s390/vfio-ap: fix memory leak in vfio_ap device driver
In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: fix memory leak in vfioap device driver The device release callback function invoked to release the matrix device uses the devgetdrvdatadevice dev function to retrieve the pointer to the vfiomatrixdev object in orde...
CVE-2023-53746 s390/vfio-ap: fix memory leak in vfio_ap device driver
In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: fix memory leak in vfioap device driver The device release callback function invoked to release the matrix device uses the devgetdrvdatadevice dev function to retrieve the pointer to the vfiomatrixdev object in orde...
CVE-2022-50629
In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory leak in rsicoexattach The coexcb needs to be freed when rsicreatekthread failed in rsicoexattach...
CVE-2022-50629
Concretely affected: Linux kernel, the wifi RSI subsystem. CVE-2022-50629 corresponds to a memory‑leak fix in rsi_coex_attach() where coex_cb must be freed if rsi_create_kthread() fails. The SUSE advisory SUSE-SU-2026:0317-1 confirms a kernel update in SUSE Linux Enterprise 15 SP5 to address this...
CVE-2022-50629 wifi: rsi: Fix memory leak in rsi_coex_attach()
In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory leak in rsicoexattach The coexcb needs to be freed when rsicreatekthread failed in rsicoexattach...
PT-2025-49476
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the vfio ap device driver within the Linux kernel. The device release callback function incorrectly attempts to free memory associated with a vfio matrix dev...
PT-2025-49612
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to hotplug callback handling within the marvell cn10k driver. Specifically, the tad pmu init function does not remove a callback added by cpuhp...
FreeBSD : spotipy -- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (8acfcfdc-d27c-11f0-8512-b0416f0c4c67)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8acfcfdc-d27c-11f0-8512-b0416f0c4c67 advisory. https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm reports: Spotipy is a...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 - React2Shell ██████╗ ███████╗ █████╗ █...