28 matches found
EUVD-2026-32778
In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...
CVE-2026-31769
In the Linux kernel, the following vulnerability has been resolved: gpib: fix use-after-free in IO ioctl handlers The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the descriptor via...
CVE-2026-31769
In the Linux kernel, the following vulnerability has been resolved: gpib: fix use-after-free in IO ioctl handlers The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the descriptor via...
PT-2026-36404
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the gpib driver's IO ioctl handlers. The 'IBRD', 'IBWRT', 'IBCMD', and 'IBWAIT' ioctl handlers utilize a gpib descriptor pointer after the board-big gpib...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992723)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992723 advisory. In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if listversions races with module loading listversions will first...
CVE-2025-39908 net: dev_ioctl: take ops lock in hwtstamp lower paths
In the Linux kernel, the following vulnerability has been resolved: net: devioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING: CPU: 13...
CVE-2025-39908
In the Linux kernel, the following vulnerability has been resolved: net: devioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING: CPU: 13...
CVE-2022-50314
In the Linux kernel, the following vulnerability has been resolved: nbd: Fix hung when signal interrupts nbdstartdeviceioctl syzbot reported hung task 1. The following program is a simplified version of the reproducer: int mainvoid int sv2, fd; if socketpairAFUNIX, SOCKSTREAM, 0, sv recvthreads =...
CVE-2022-50314
The CVE-2022-50314 issue affects the Linux kernel nbd subsystem. When a signal interrupts nbd_start_device_ioctl() while waiting for inflight I/Os to complete, a hung task could occur. The fix clears the queue (not just shutdown) on signal interruption to nbd_start_device_ioctl(), mitigating the ...
CVE-2022-50314 nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
In the Linux kernel, the following vulnerability has been resolved: nbd: Fix hung when signal interrupts nbdstartdeviceioctl syzbot reported hung task 1. The following program is a simplified version of the reproducer: int mainvoid int sv2, fd; if socketpairAFUNIX, SOCKSTREAM, 0, sv recvthreads =...
PT-2025-37616
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the network block device nbd module. A hung task can occur when a signal interrupts the nbd start device ioctl function while it is waiting for ...
Linux Distros Unpatched Vulnerability : CVE-2025-37741
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: Prevent copying of nlink with value 0 from disk inode syzbot report a deadlock in diFree. 1 When calling ioctl$LOOPSETSTATUS64, the offset value passed in...
DEBIAN-CVE-2025-37741
In the Linux kernel, the following vulnerability has been resolved: jfs: Prevent copying of nlink with value 0 from disk inode syzbot report a deadlock in diFree. 1 When calling "ioctl$LOOPSETSTATUS64", the offset value passed in is 4, which does not match the mounted loop device, causing the...
CVE-2025-22111
In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to devioctl first and later forwarded to brioctlcall, which causes unnecessary RTNL dance and the splat below 0 under RTNL pressure. Let's say Thread A...
OESA-2025-1317 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between ctrlcdevioctl and ubicdevioctl Hulk Robot reported a KASAN report about use-after-free:...
SUSE CVE-2021-47634
In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between ctrlcdevioctl and ubicdevioctl Hulk Robot reported a KASAN report about use-after-free: ================================================================== BUG: KASAN: use-after-free in...
SUSE CVE-2010-4162
Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service system crash via a crafted device ioctl to a SCSI device...
kernel: Use-after-free in snd_seq_ioctl_create_port()
A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation...
Code injection
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD3rd Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a kernel crash...
CVE-2018-11019
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD3rd Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash...