23 matches found
CVE-2026-52971
In the Linux kernel, the following vulnerability has been resolved: net: ena: PHC: Fix potential use-after-free in gettimestamp Move the phc-active check and resp pointer assignment to after acquiring the spinlock. Previously, phc-active was checked without holding the lock, and resp was cached...
PT-2026-51865
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the get timestamp function of the ENA network driver. The problem occurs because the phc-active check and the assignment of the resp pointer were perform...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - dm cache: Fixed UAF in the destroy function. - Dmcache also has the same UAF issue when dmresume and dmdestroy are executed concurrently. Therefore, the timer is canceled again in the destroy function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommufd: IOMMUFDDESTROY should not increment the refcount. syzkaller identified a race condition where IOMMUFDDESTROY increments the refcount: c obj = iommufdgetobjectucmd-ictx, cmd-id, IOMMUFDOBJANY; if ISERRobj return PTRERRobj...
PT-2025-54064
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the PCI/DOE subsystem related to the destroy work on stack function. This issue occurs when destroy work on stack is called after signaling completion in the...
CVE-2023-53795
In the Linux kernel, the following vulnerability has been resolved: iommufd: IOMMUFDDESTROY should not increase the refcount syzkaller found a race where IOMMUFDDESTROY increments the refcount: obj = iommufdgetobjectucmd-ictx, cmd-id, IOMMUFDOBJANY; if ISERRobj return PTRERRobj;...
SUSE CVE-2025-39932
In the Linux kernel, the following vulnerability has been resolved: smb: client: let smbddestroy call disableworksync&info-postsendcreditswork In smbddestroy we may destroy the memory so we better wait until postsendcreditswork is no longer pending and will never be started again. I actually just...
CVE-2022-50496 dm cache: Fix UAF in destroy()
In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy Dmcache also has the same UAF problem when dmresume and dmdestroy are concurrent. Therefore, cancelling timer again in destroy...
CVE-2022-50496 dm cache: Fix UAF in destroy()
In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy Dmcache also has the same UAF problem when dmresume and dmdestroy are concurrent. Therefore, cancelling timer again in destroy...
AZL-75327 CVE-2025-39932 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: smb: client: let smbddestroy call disableworksync&info-postsendcreditswork In smbddestroy we may destroy the memory so we better wait until postsendcreditswork is no longer pending and will never be started again. I actually just...
kernel: drm/i915/vma: Fix UAF on destroy against retire race
A use-after-free flaw was found in drivers/gpu/drm/i915/i915vma.c in the Linux kernel that may lead to a crash...
DEBIAN-CVE-2023-53021
In the Linux kernel, the following vulnerability has been resolved: net/sched: schtaprio: fix possible use-after-free syzbot reported a nasty crash 1 in nettxaction which made little sense until we got a repro. This repro installs a taprio qdisc, but providing an invalid TCARATE attribute...
AZL-54642 CVE-2024-53100 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...
DEBIAN-CVE-2024-53100
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...
CVE-2024-53100 nvme: tcp: avoid race between queue_lock lock and destroy
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...
kernel: drm/i915/vma: Fix UAF on destroy against retire race
A use-after-free flaw was found in drivers/gpu/drm/i915/i915vma.c in the Linux kernel that may lead to a crash...
DEBIAN-CVE-2024-49943
In the Linux kernel, the following vulnerability has been resolved: drm/xe/gucsubmit: add missing locking in wedgedfini Any non-wedged queue can have a zero refcount here and can be running concurrently with an async queue destroy, therefore dereferencing the queue ptr to check wedge status after...
kernel: drm/i915/vma: Fix UAF on destroy against retire race
A use-after-free flaw was found in drivers/gpu/drm/i915/i915vma.c in the Linux kernel that may lead to a crash...
kernel: drm/i915/vma: Fix UAF on destroy against retire race
A use-after-free flaw was found in drivers/gpu/drm/i915/i915vma.c in the Linux kernel that may lead to a crash...
DEBIAN-CVE-2024-42152
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmetsqdestroy we capture sq-ctrl early and if it is non-NULL we know that a ctrl was allocated in the admin connect request handler and we need to release...