curl: Use-after-free in `curl_easy_ssls_export()` during callback re-entrancy

Summary: curleasysslsexport iterates the SSL session list and invokes a caller-provided callback for each entry. If that callback calls curleasysslsimport on the same easy handle, the import path can evict and free the current session node while the export loop still holds it. The subsequent...

CVE-2023-53621

CVE-2023-53621: Linux kernel memcg/memcontrol bug could cause a NULL pointer dereference during eviction if the memcg retrieved by the stored id is not the original one. Impact is local, with a high base score (7.8) and local access required. The issue stems from eviction recency checks in mem_cg...

EUVD-2025-32787

In the Linux kernel, the following vulnerability has been resolved: memcontrol: ensure memcg acquired by id is properly set up In the eviction recency check, we attempt to retrieve the memcg to which the folio belonged when it was evicted, by the memcg id stored in the shadow entry. However, ther...

UBUNTU-CVE-2025-39743

In the Linux kernel, the following vulnerability has been resolved: jfs: truncate good inode pages when hard link is 0 The fileset value of the inode copy from the disk by the reproducer is AGGRRESERVEDI. When executing evict, its hard link number is 0, so its inode pages are not truncated. This...