581 matches found
PT-2024-28657 · Ibm · Ibm Mq Container Developer Edition +1
Name of the Vulnerable Software and Affected Versions: IBM MQ Operator versions 2.0.24 through 3.2.2; IBM MQ Container Developer Edition (affected versions not specified). Description: The issue is caused by incorrect memory de-allocation, leading to a denial of service. A remote attacker could explo...
The vulnerability of the Dawn component in the Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code.
The vulnerability of the Dawn component in Google Chrome and Microsoft Edge browsers is related to the use of memory after deallocation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Astra Linux – Vulnerability in Parsec
The vulnerability of the pdp-ls utility in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
SUSE CVE-2024-38390
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->pdev is only assigned...
DEBIAN-CVE-2024-38390
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->pdev is only assigned...
UBUNTU-CVE-2024-36281
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules rx_create no longer allocates a modify_hdr instance that needs to be cleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer dereference. A le...
The vulnerabilities of the functions zpaq_decompress_buf() and clear_rulist() in the lrzip software allow a hacker to trigger a service failure.
The vulnerabilities of the functions zpaq_decompress_buf() and clear_rulist() in the lrzip software involve parallel memory usage after deallocation. Exploiting these vulnerabilities can allow an attacker to cause a service failure...
CVE-2024-32503
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper memory deallocation checking, which can result in a UAF (Use-After-Free) vulnerability...
CVE-2024-32503
The CVE-2024-32503 entry concerns Samsung Mobile Processor and Wearable Processor Exynos family (850, 1080, 2100, 1280, 1380, 1330, W920, W930). A memory management issue is described: improper memory deallocation checking leads to a Use-After-Free (UAF) condition. This vulnerability is documente...
PT-2024-24620 · Samsung · Exynos 1330 +7
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor and Wearable Processor Exynos versions 850, 1080, 2100, 1280, 1380, 1330, W920, W930. Description: An issue was discovered in the Samsung Mobile Processor and Wearable Processor, where the mobile processor lacks proper...
CVE-2023-43543
Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph object...
The vulnerability of the p9pdu_vreadf() function in the 9P network protocol implementation of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of information, and execute arbitrary code.
The vulnerability of the p9pdu_vreadf() function in the net/9p/protocol.c module of the 9P network protocol implementation in the Linux operating system is related to the use of an uninitialized variable during memory deallocation. Exploiting this vulnerability could allow a remote attacker to...
CVE-2021-47523
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr This buffer is currently allocated in hfi1_init(): if (reinit) ret = init_after_reset(dd); else ret = loadtime_init(dd); if (ret) goto done; /* allocate dummy tail memory for all receive contexts */...
CVE-2021-47508
In the Linux kernel, the following vulnerability has been resolved: btrfs: free exchange changeset on failures Fstests runs on my VMs have shown several kmemleak reports like the following. unreferenced object 0xffff88811ae59080 (size 64): comm "xfs_io", pid 12124, jiffies 4294987392 (age 6.368s) hex...
CVE-2021-47523
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr This buffer is currently allocated in hfi1_init(): if (reinit) ret = init_after_reset(dd); else ret = loadtime_init(dd); if (ret) goto done; /* allocate dummy tail memory for all receive contexts */...
CVE-2021-47523 IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr This buffer is currently allocated in hfi1_init(): if (reinit) ret = init_after_reset(dd); else ret = loadtime_init(dd); if (ret) goto done; /* allocate dummy tail memory for all receive contexts */...
CVE-2021-47523
CVE-2021-47523 affects the Linux kernel’s IB/hfi1 path. The issue is a leak of rcvhdrtail_dummy_kvaddr which is allocated in hfi1_init() and can be overwritten on a reinit path, leading to a memory leak. The fix moves the allocation to hfi1_alloc_devdata() and deallocation to hfi1_free_devdata(),...
kernel: RDMA/efa: Fix wrong resources deallocation order
In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix wrong resources deallocation order When trying to destroy QP or CQ, we first decrease the refcount and potentially free memory regions allocated for the object and then request the device to destroy the object. If t...
mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487)
A flaw was found in mod_http2. When an HTTP/2 stream is reset (RST frame) by a client, there is a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connectio...
CVE-2023-52772
In the Linux kernel, the following vulnerability has been resolved: af_unix: fix use-after-free in unix_stream_read_actor() syzbot reported the following crash [1] After releasing unix socket lock, u->oob_skb can be changed by another thread. We must temporarily increase skb refcount to make sure this othe...