581 matches found

RedHat Linux
added 2024/11/26 2:17 a.m., 1 view

kernel: media: edia: dvbdev: fix a use-after-free

In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free. In dvb_register_device, pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, pdvbdev is not set to NULL after dvbdev's deallocation, causing...

CVSS 7.8 | AI score 6.4 | EPSS 0.00291
Exploits: 0 | References: 5

BDU FSTEC
added 2024/11/25 12:0 a.m., 2 views

The vulnerability of the hisi component in the Linux operating system allows a hacker to gain elevated privileges within the system.

The vulnerability of the hisi component in the Linux operating system’s kernel is related to memory management errors after deallocation. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

CVSS 8.8 | AI score 6.3 | EPSS 0.00241
Exploits: 0 | References: 18 | Affected Software: 4

OSV
added 2024/11/19 6:15 p.m., 1 view

DEBIAN-CVE-2024-53064

In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpf_vc_core_init error path. In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset i...

CVSS 5.5 | AI score 5.6 | EPSS 0.00192
Exploits: 0 | References: 1

OSV
added 2024/11/19 6:15 p.m., 3 views

AZL-53986 CVE-2024-53059 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd. 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwl_mvm_send_cmd_status, which handles...

CVSS 7.8 | AI score 7 | EPSS 0.00282
Exploits: 0 | References: 1

BDU FSTEC
added 2024/11/19 12:0 a.m., 1 view

The vulnerability of the rtl8xxxu component in the Linux operating system allows a hacker to increase their privileges within the system.

The vulnerability of the rtl8xxxu component in the Linux operating system’s kernel is related to memory usage errors after deallocation in the rtl8xxxu_stop function. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

CVSS 7.4 | AI score 6.5 | EPSS 0.0029
Exploits: 0 | References: 40 | Affected Software: 7

BDU FSTEC
added 2024/11/19 12:0 a.m., 1 view

The vulnerability of the Linux operating system’s kernel component, which allows a hacker to increase their privileges within the system

The vulnerability of the Linux operating system’s kernel component is related to memory management errors after deallocation. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

CVSS 8.8 | AI score 6.5 | EPSS 0.00252
Exploits: 0 | References: 22 | Affected Software: 6

BDU FSTEC
added 2024/11/08 12:0 a.m., 2 views

Vulnerability of components of Linux operating system’s sched/fair kernel, allowing attackers to increase their privileges within the system

The vulnerability of the sched/fair components in the Linux operating system’s kernel is related to errors that occur after deallocation. Exploiting this vulnerability can allow an attacker to increase their privileges within the system...

CVSS 8.8 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 10 | Affected Software: 2

BDU FSTEC
added 2024/11/07 12:0 a.m., 1 view

The vulnerability in the implementation of the WebRTC technology in Google Chrome browser allows attackers to compromise the confidentiality, integrity, and accessibility of data.

The vulnerability of WebRTC implementations in Google Chrome and Microsoft Edge relates to the use of memory after deallocation. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of data through a specially crafted HTML page...

CVSS 10 | AI score 7.6 | EPSS 0.00517
Exploits: 0 | References: 11 | Affected Software: 7

Positive Technologies
added 2024/11/01 12:0 a.m., 6 views

PT-2025-3333

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.74. Description: A vulnerability in the Linux kernel related to BPF links has been fixed. The issue was with the BPF link's program, which could be freed before the BPF link itself, leading to a use-after-free...

CVSS 7.8 | AI score 5.3
Exploits: 0

SUSE CVE
added 2024/10/25 3:6 a.m., 1 view

SUSE CVE-2024-49972

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Deallocate DML memory if allocation fails. [Why] When DC state create DML memory allocation fails, memory is not deallocated subsequently, resulting in uninitialized structure that is not NULL. [How] Deallocate memory...

CVSS 5.8 | AI score 7.7 | EPSS 0.00211
Exploits: 0 | References: 15

OSV
added 2024/10/21 6:15 p.m., 1 view

DEBIAN-CVE-2024-49972

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Deallocate DML memory if allocation fails. [Why] When DC state create DML memory allocation fails, memory is not deallocated subsequently, resulting in uninitialized structure that is not NULL. [How] Deallocate memory...

CVSS 5.5 | AI score 5.7 | EPSS 0.00211
Exploits: 0 | References: 1

OSV
added 2024/10/21 6:15 p.m., 3 views

AZL-52041 CVE-2024-49972 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Deallocate DML memory if allocation fails. [Why] When DC state create DML memory allocation fails, memory is not deallocated subsequently, resulting in uninitialized structure that is not NULL. [How] Deallocate memory...

CVSS 5.5 | AI score 6.8 | EPSS 0.00211
Exploits: 0 | References: 1

OSV
added 2024/10/21 6:15 p.m., 2 views

AZL-52135 CVE-2024-49972 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Deallocate DML memory if allocation fails. [Why] When DC state create DML memory allocation fails, memory is not deallocated subsequently, resulting in uninitialized structure that is not NULL. [How] Deallocate memory...

CVSS 5.5 | AI score 6.8 | EPSS 0.00211
Exploits: 0 | References: 1

OSV
added 2024/10/21 6:15 p.m., 0 views

UBUNTU-CVE-2024-49972

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Deallocate DML memory if allocation fails. [Why] When DC state create DML memory allocation fails, memory is not deallocated subsequently, resulting in uninitialized structure that is not NULL. [How] Deallocate memory...

CVSS 5.5 | AI score 6.2 | EPSS 0.00211
Exploits: 0 | References: 19

Cvelist
added 2024/10/21 6:1 p.m., 19 views

CVE-2024-49884 ext4: fix slab-use-after-free in ext4_split_extent_at()

In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at(). We hit the following use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0 Read of...

EPSS 0.00265
Exploits: 0 | References: 9

Cvelist
added 2024/10/21 6:1 p.m., 24 views

CVE-2024-49883 ext4: aovid use-after-free in ext4_ext_insert_extent()

In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent(). As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use the stale path and cause UAF. Below is a sample trace with dumm...

EPSS 0.00275
Exploits: 0 | References: 9

BDU FSTEC
added 2024/09/30 12:0 a.m., 3 views

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to disclose protected information.

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers relates to the use of memory after deallocation. Exploiting this vulnerability can allow a remote attacker to expose sensitive information through a specially created HTML page...

CVSS 9.4 | AI score 7.8 | EPSS 0.00325
Exploits: 1 | References: 7 | Affected Software: 3

BDU FSTEC
added 2024/09/06 12:0 a.m., 2 views

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020/2024 involve memory usage after decompression, allowing attackers to disclose protected information.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020/2024 are related to the use of memory after deallocation. Exploiting these vulnerabilities can allow attackers to...

CVSS 5.5 | AI score 5.4 | EPSS 0.003
Exploits: 0 | References: 2

BDU FSTEC
added 2024/09/06 12:0 a.m., 2 views

The vulnerability of the xe_exec_queue_put function in the Linux operating system’s DRM kernel component, which allows a hacker to trigger a service failure

The vulnerability of the xe_exec_queue_put function in the Linux operating system’s DRM kernel component is related to the use of memory after deallocation. Exploiting this vulnerability could allow a hacker to cause a service failure...

CVSS 7.8 | AI score 7 | EPSS 0.00219
Exploits: 0 | References: 15 | Affected Software: 1

BDU FSTEC
added 2024/09/03 12:0 a.m., 1 view

The vulnerability of the hci_qca component in the Linux operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the hci_qca component in the Linux operating system’s kernel is related to the use of memory after deallocation. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 7.8 | AI score 6.2 | EPSS 0.00241
Exploits: 0 | References: 6 | Affected Software: 2