175 matches found
PT-2023-33886 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue is related to a missing put device in mport cdev open, which may potentially lead to security vulnerabilities. The actual impact and attack plausibility have not yet been proven...
PT-2023-33731 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue concerns error handling in the cdev device add function. It was introduced in version v4.12 and is fixed in Linux Kernel version v6.0.16. The actual impact and attack plausibility...
PT-2023-34142 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.86 Description: The issue concerns NULL-pointer dereferences in the gpiolib cdev. It was introduced in version v4.8 and fixed in Linux Kernel version v5.15.86. The actual impact and attack plausibility hav...
GSD-2022-1006594 gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
gpiolib: cdev: Set lineeventstate::irq after IRQ register successfully This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.146 by commit...
GSD-2022-1006573 gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
gpiolib: cdev: Set lineeventstate::irq after IRQ register successfully This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.71 by commit...
GSD-2022-1006536 gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
gpiolib: cdev: Set lineeventstate::irq after IRQ register successfully This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.12 by commit...
PT-2022-34829 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.71 Description: The issue is related to the gpiolib, specifically with the cdev and lineevent state::irq. It was introduced in version v5.9 and fixed in version v5.15.71. The actual impact and attack...
PT-2022-34749 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0 Description: The issue is related to the gpiolib, specifically with the cdev and lineevent state::irq. It was introduced in version v5.9 and fixed in version v6.0. The actual impact and attack plausibility...
GSD-2022-1000154 rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
rpmsg: char: Fix race between the release of rpmsgctrldev and cdev This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.176 by commit...
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
...
UBUNTU-CVE-2020-0305
In cdevget of chardev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744...
PT-2020-3580 · Google +4 · Android +4
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 Description: The issue is related to a use-after-free vulnerability in the cdev get function of char dev.c due to a race condition. This could lead to local escalation of privilege with System execution privileges...
DEBIAN-CVE-2020-10690
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device ...
CVE-2020-10690
There is a use-after-free problem seen due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device is removed, it ca...
PT-2013-5052 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.12 Description: The issue is related to a buffer overflow in the oz cdev write function, which can be triggered by a crafted write operation. This can cause a denial of service or possibly have other unspecifi...