CVE-2024-50257 netfilter: Fix use-after-free in get_info()

In the Linux kernel, the following vulnerability has been resolved: netfilter: Fix use-after-free in getinfo ip6tablenat module unload has refcnt warning for UAF. call trace is: WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 moduleput+0x6f/0x80 Modules linked in: ip6tablenat- CPU: 1 UID: 0...

CVE-2024-49924

In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fix possible use after free in pxafbtask In the pxafbprobe function, it calls the pxafbinitfbinfo function, after which &fbi-;task is associated with pxafbtask. Moreover, within this pxafbinitfbinfo function, the...

CVE-2024-50061 i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition

In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdnsi3cmaster Driver Due to Race Condition In the cdnsi3cmasterprobe function, &master-hjwork is bound with cdnsi3cmasterhj. And cdnsi3cmasterinterrupt can call...

CVE-2024-49924

In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fix possible use after free in pxafbtask In the pxafbprobe function, it calls the pxafbinitfbinfo function, after which &fbi-task is associated with pxafbtask. Moreover, within this pxafbinitfbinfo function, the...

CVE-2024-49924 fbdev: pxafb: Fix possible use after free in pxafb_task()

In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fix possible use after free in pxafbtask In the pxafbprobe function, it calls the pxafbinitfbinfo function, after which &fbi-task is associated with pxafbtask. Moreover, within this pxafbinitfbinfo function, the...

CVE-2024-49924 fbdev: pxafb: Fix possible use after free in pxafb_task()

In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fix possible use after free in pxafbtask In the pxafbprobe function, it calls the pxafbinitfbinfo function, after which &fbi-task is associated with pxafbtask. Moreover, within this pxafbinitfbinfo function, the...

CVE-2024-47747 net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition

In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3probe function, a timer is initialized with a callback function ether3ledoff, bound to &prevdev-timer. Once the timer is started, the...

CVE-2024-46858 mptcp: pm: Fix uaf in __timer_delete_sync

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in timerdeletesync There are two paths to access mptcppmdeladdtimer, result in a race condition: CPU1 CPU2 ==== ==== netrxaction napipoll netlinksendmsg napipoll netlinkunicast processbacklog netlinkunicastkern...

CVE-2023-52847 media: bttv: fix use after free error due to btv->timeout timer

In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv-timeout timer There may be some a race condition between timer function bttvirqtimeout and bttvremove. The timer is setup in probe and there is no timerdelete operation in remove...

CVE-2024-26874

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix a null pointer crash in mtkdrmcrtcfinishpageflip It's possible that mtkcrtc-event is NULL in mtkdrmcrtcfinishpageflip. pendingneedsvblank value is set by mtkcrtc-event, but in mtkdrmcrtcatomicflush, it's is not...

CVE-2024-26658 bcachefs: grab s_umount only if snapshotting

In the Linux kernel, the following vulnerability has been resolved: bcachefs: grab sumount only if snapshotting When I was testing mongodb over bcachefs with compression, there is a lockdep warning when snapshotting mongodb data volume. $ cat test.sh prog=bcachefs $prog subvolume create /mnt/data...