ghostscript: dangling pointer in gdev_prn_open_printer_seekable()

A flaw was found in Ghostscript. A remote attacker may use a specially crafted payload to trigger access to previously freed memory, which can potentially lead to remote code execution or an application crash...

kernel: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

A user-after-free vulnerability was found in the linux kernel. sockinitdata attaches the allocated sk object to the provided sock object. If ieee802154create fails later, the allocated sk object is freed, but the dangling pointer remains in the provided sock object, leading to a crash and loss of...

kernel: net: inet6: do not leave a dangling sk pointer in inet6_create()

In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6create sockinitdata attaches the allocated sk pointer to the provided sock object. If inet6create fails later, the sk object is released, but the sock object retains the...

kernel: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2capsockcreate btsockalloc allocates the sk object and attaches it to the provided sock object. On error l2capsockalloc frees the sk object, but the dangling pointer...

kernel: net: explicitly clear the sk pointer, when pf->create fails

In the Linux kernel, the following vulnerability has been resolved: net: explicitly clear the sk pointer, when pf-create fails We have recently noticed the exact same KASAN splat as in commit 6cd4a78d962b "net: do not leave a dangling sk pointer, when socket creation fails". The problem is that...

kernel: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

A flaw was found in the packet scheduler API in the Linux kernel. An invalid assumption about qdiscs with major handle ffff allows qdiscs, such as DRR, that maintain an active class list to cause a use-after-free with a dangling class pointer...

kernel: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

In the Linux kernel, the following vulnerability has been resolved: hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk-trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by...

SUSE CVE-2025-37765

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttmbodelayeddelete oops Fix an oops in ttmbodelayeddelete which results from dererencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 1...

CVE-2025-37778

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krbauthenticate krbauthenticate frees sess-user and does not set the pointer to NULL. It calls ksmbdkrb5authenticate to reinitialise sess-user but that function may return without doing so. If that...

DEBIAN-CVE-2025-37778

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krbauthenticate krbauthenticate frees sess-user and does not set the pointer to NULL. It calls ksmbdkrb5authenticate to reinitialise sess-user but that function may return without doing so. If that...

UBUNTU-CVE-2025-37765

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttmbodelayeddelete oops Fix an oops in ttmbodelayeddelete which results from dererencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 1...

CVE-2025-37778 ksmbd: Fix dangling pointer in krb_authenticate

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krbauthenticate krbauthenticate frees sess-user and does not set the pointer to NULL. It calls ksmbdkrb5authenticate to reinitialise sess-user but that function may return without doing so. If that...

CVE-2025-37778 ksmbd: Fix dangling pointer in krb_authenticate

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krbauthenticate krbauthenticate frees sess-user and does not set the pointer to NULL. It calls ksmbdkrb5authenticate to reinitialise sess-user but that function may return without doing so. If that...

CVE-2025-37778

CVE-2025-37778 affects the Linux kernel’s ksmbd/kerberos path. The issue is a dangling pointer in krb_authenticate: it frees sess->user and may not null it; ksmbd_krb5_authenticate reinitialises sess->user, but may return without doing so, causing smb2_sess_setup to access freed memory. The...

CVE-2025-37765 drm/nouveau: prime: fix ttm_bo_delayed_delete oops

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttmbodelayeddelete oops Fix an oops in ttmbodelayeddelete which results from dererencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 1...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a dangling pointer issue in krbauthenticate...

ghostscript: dangling pointer in gdev_prn_open_printer_seekable()

A flaw was found in Ghostscript. A remote attacker may use a specially crafted payload to trigger access to previously freed memory, which can potentially lead to remote code execution or an application crash...

PT-2025-22186

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue in the Linux kernel's ksmbd component, related to Kerberos authentication, has been identified. The problem arises when another thread operates on a session and us...

SUSE-SU-2025:20187-1 Security update for kernel-livepatch-MICRO-6-0_Update_4

This update for kernel-livepatch-MICRO-6-0Update4 fixes the following issues: - CVE-2024-56600: net: inet6: Fixed dangling sk pointer in inet6create bsc1235218. - CVE-2024-57882: mptcp: Fixed TCP options overflow bsc1235916...

CVE-2025-1290

A race condition Use-After-Free vulnerability exists in the virtiotransportspaceupdate function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtiovsocksock structure during an AFVSOCK connect syscall can occur before a worker thread accesses it resulting in a...