CVE-2026-45866 serial: caif: fix use-after-free in caif_serial ldisc_close()

In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been freed. The race condition occurs between ldiscclose and packet...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: Binder: Fixed a UAF Use-After-Free issue caused by a race condition involving ref-proc. A transaction of type BINDERTYPEWEAKHANDLE may fail to increment the reference count of a node. In this case, the target proc normally releas...

SUSE CVE-2022-49939

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of ref-proc caused by race condition A transaction of type BINDERTYPEWEAKHANDLE can fail to increment the reference for a node. In this case, the target proc normally releases the failed reference upon close as...

UBUNTU-CVE-2022-49939

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of ref-proc caused by race condition A transaction of type BINDERTYPEWEAKHANDLE can fail to increment the reference for a node. In this case, the target proc normally releases the failed reference upon close as...

SUSE CVE-2024-56553

In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc-deliveredfreeze If a freeze notification is cleared with BCCLEARFREEZENOTIFICATION before calling binderfreezenotificationdone, then it is detached from its reference e.g. ref-freeze but the work remai...

DEBIAN-CVE-2024-56553

In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc-deliveredfreeze If a freeze notification is cleared with BCCLEARFREEZENOTIFICATION before calling binderfreezenotificationdone, then it is detached from its reference e.g. ref-freeze but the work remai...

CVE-2024-56553

In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc-deliveredfreeze If a freeze notification is cleared with BCCLEARFREEZENOTIFICATION before calling binderfreezenotificationdone, then it is detached from its reference e.g. ref-freeze but the work remai...

UBUNTU-CVE-2024-56553

In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc-deliveredfreeze If a freeze notification is cleared with BCCLEARFREEZENOTIFICATION before calling binderfreezenotificationdone, then it is detached from its reference e.g. ref-freeze but the work remai...

CVE-2024-56555 binder: fix OOB in binder_add_freeze_work()

In the Linux kernel, the following vulnerability has been resolved: binder: fix OOB in binderaddfreezework In binderaddfreezework we iterate over the proc-nodes with the proc-innerlock held. However, this lock is temporarily dropped to acquire the node-lock first lock nesting order. This can race...

DEBIAN-CVE-2024-46867

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in showmeminfo There is a real deadlock as well as sleeping in atomic bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix...

UBUNTU-CVE-2024-46867

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in showmeminfo There is a real deadlock as well as sleeping in atomic bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix...

SUSE CVE-2023-52609

In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput and doexit Task A calls binderupdatepagerange to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmgetnotzero first. This can race with Task ...

DEBIAN-CVE-2023-52609

In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput and doexit Task A calls binderupdatepagerange to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmgetnotzero first. This can race with Task ...