kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM subsystem. An authenticated local attacker could exploit a Use-After-Free UAF vulnerability in the /proc/net/atm/lec handling. This flaw occurs due to improper devput calls without prior devhold calls, leading to an imbalance i...

CVE-2026-23192

In the Linux kernel, the following vulnerability has been resolved: linkwatch: use devput in callers to prevent UAF After linkwatchdodev calls devput to release the linkwatch reference, the device refcount may drop to 1. At this point, netdevruntodo can proceed since linkwatchsyncdev sees an empt...

CVE-2025-38542

In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix device refcount leak in atrtrcreate When updating an existing route entry in atrtrcreate, the old device reference was not being released before assigning the new device, leading to a device refcount leak. Fix...

SUSE CVE-2025-38542

In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix device refcount leak in atrtrcreate When updating an existing route entry in atrtrcreate, the old device reference was not being released before assigning the new device, leading to a device refcount leak. Fix...

CVE-2025-38542

CVE-2025-38542 affects the Linux kernel net: appletalk path atrtr_create. A device refcount leak occurred when updating an existing route entry: the old device reference was not released before assigning the new device. The fix releases the previous reference with dev_put() before taking the new ...

CVE-2025-38542 net: appletalk: Fix device refcount leak in atrtr_create()

In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix device refcount leak in atrtrcreate When updating an existing route entry in atrtrcreate, the old device reference was not being released before assigning the new device, leading to a device refcount leak. Fix...

CVE-2025-38180 net: atm: fix /proc/net/atm/lec handling

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against devlec changes. It appears it had devput calls without prior devhold, leading to imbalance and UAF...

CVE-2022-49127

CVE-2022-49127 is a Linux kernel vulnerability fix where the ref_tracker use-after-free detection was added. The patch marks the ref_tracker_dir as dead during ref_tracker_dir_init() and checks this dead status from ref_tracker_alloc() and ref_tracker_free(), aiming to detect buggy dev_put()/dev_...

CVE-2021-47555

In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix underflow for the realdev refcnt Inject error before devholdrealdev in registervlandev, and execute the following testcase: ip link add dev dummy1 type dummy ip link add name dummy1.100 link dummy1 type vlan id 100...

CVE-2021-47555

In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix underflow for the realdev refcnt Inject error before devholdrealdev in registervlandev, and execute the following testcase: ip link add dev dummy1 type dummy ip link add name dummy1.100 link dummy1 type vlan id 100...

CVE-2024-26898

In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmdcfgpkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet AoE driver in the Linux kernel. The aoecmdcfgpkts function...

UBUNTU-CVE-2024-26898

In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmdcfgpkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet AoE driver in the Linux kernel. The aoecmdcfgpkts function...