18 matches found
CVE-2022-49934
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211scanrx ieee80211scanrx tries to access scanreq-flags after a null check, but a UAF is observed when the scan is completed and ieee80211scancompleted executes, which then calls cfg80211scandone...
CBL Mariner 2.0 Security Update: kernel (CVE-2025-21727)
"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21727 advisory. - In the Linux kernel, the following vulnerability has been resolved: padata: fix UAF in padatareorder A bug...
CVE-2022-49291
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hwparams and hwfree calls Currently we have neither proper check nor protection against the concurrent calls of PCM hwparams and hwfree ioctls, which may result in a UAF. Since the existing P...
CVE-2024-49903
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uaf in dbFreeBits syzbot reported ================================================================== BUG: KASAN: slab-use-after-free in mutexlockcommon kernel/locking/mutex.c:587 inline BUG: KASAN: slab-use-after-free in...
CVE-2024-50047 smb: client: fix UAF in async decryption
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...
CVE-2024-46858 mptcp: pm: Fix uaf in __timer_delete_sync
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in timerdeletesync There are two paths to access mptcppmdeladdtimer, result in a race condition: CPU1 CPU2 ==== ==== netrxaction napipoll netlinksendmsg napipoll netlinkunicast processbacklog netlinkunicastkern...
CVE-2024-46798 ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for sndsocpcmruntime object When using kernel with the following extra config, - CONFIGKASAN=y - CONFIGKASANGENERIC=y - CONFIGKASANINLINE=y - CONFIGKASANVMALLOC=y - CONFIGFRAMEWARN=4096 kernel detects that...
CVE-2024-46798
In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for sndsocpcmruntime object When using kernel with the following extra config, - CONFIGKASAN=y - CONFIGKASANGENERIC=y - CONFIGKASANINLINE=y - CONFIGKASANVMALLOC=y - CONFIGFRAMEWARN=4096 kernel detects that...
CVE-2024-46740
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lac...
CVE-2024-38545
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xalock to protect the CQ...
CVE-2024-38545
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xalock to protect the CQ...
CVE-2024-26939 drm/i915/vma: Fix UAF on destroy against retire race
In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. 161.359441 ODEBUG: free active...
SUSE SLES15 Security Update : kernel (Live Patch 3 for SLE 15 SP5) (SUSE-SU-2024:1405-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1405-1 advisory. - A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events perf component can be exploited to achieve loc...
GSD-2023-1000925 dm clone: Fix UAF in clone_dtr()
dm clone: Fix UAF in clonedtr This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit 856edd0e92f3fe89606b704c86a93daedddfe6ec, it wa...
GSD-2022-1006999 mm: hugetlb: fix UAF in hugetlb_handle_userfault
mm: hugetlb: fix UAF in hugetlbhandleuserfault This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
UVI-2021-1002168 can: peak_pci: peak_pci_remove(): fix UAF
can: peakpci: peakpciremove: fix UAF This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15 by commit 949fe9b35570361bc6ee2652f89a0561b26eec98, i...
GSD-2021-1001936 can: peak_pci: peak_pci_remove(): fix UAF
can: peakpci: peakpciremove: fix UAF This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.288 by commit 447d44cd2f67a20b596ede3ca3cd67086dfd9ca9...
GSD-2021-1001568 blktrace: Fix uaf in blk_trace access after removing by sysfs
blktrace: Fix uaf in blktrace access after removing by sysfs This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.209 by commit...