104 matches found
CVE-2026-11623
A flaw was found in tmux. A local attacker could exploit a use-after-free vulnerability in the imagefree function, potentially leading to information disclosure or denial of service. Exploitation of this flaw is considered difficult due to its high complexity...
CVE-2026-45853
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Use kvfree instead of kfree in amdgpugmcgetnpsmemranges amdgpudiscoverygetnpsinfo internally allocates memory for ranges using kvcalloc, which may use vmalloc for large allocation. Using kfree to release vmalloc memor...
Astra Linux - уязвимость в qemu
A flaw was discovered in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. This flaw occurs when dropping packets during a bulk transfer from a SPICE client, due to the packet queue being full. A malicious SPICE client could exploit this flaw to call the free function in...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
A Null pointer dereference problem was detected in idafree in lib/idr.c within the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a lack of proper checks at function returns...
kernel: scsi: qla2xxx: Fix improper freeing of purex item
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may return a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: The parent reference count is dropped after pdfreefn is called. Some cgroup policies will access the parent PD through the child PD even after pdofflinefn is called. If pdfreefn for the parent is called before that fo...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in checkfunccall kmemleak reports this issue: unreferenced object 0xffff88817139d000 size 2048: comm "testprogs", pid 33246, jiffies 4307381979 age 45851.820s hex dump first 32 bytes: 01 00 00 00 00 00 00 00...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: fixed a memory leak in parseapplysbmountoptions If processing the disk-mounted options fails after any memory has been allocated in the ext4FS context, such as for sqfnames, then this memory is leaked. This issue was...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double-free on error. The error handling path in itsvpeirqdomainalloc causes a double-free when itsvpeinit fails after successfully allocating at least one interrupt. This occurs because...
CVE-2026-32864 Out-of-Bounds Read in mgcore_SH_25_3!aligned_free()
There is a memory corruption vulnerability due to an out-of-bounds read in mgcoreSH253!alignedfree in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file...
NI LabVIEW 安全漏洞
NI LabVIEW is a graphical programming platform developed by National Instruments. Versions of NI LabVIEW prior to 2026 Q1 26.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the mgcoreSH253!alignedfree function, where out-of-bounds reading of memory led to potential...
EUVD-2026-18110
A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...
CVE-2026-5316
A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...
EUVD-2025-206604
Memory Corruption when user space address is modified and passed to memfree API, causing kernel memory to be freed inadvertently...
CVE-2023-4883
Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF Virtual Network Function, and triggering the ogssbimessagefree function, which could cause a...
EUVD-2023-60338
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: dropping parent refcount after pdfreefn is done Some cgroup policies will access parent pd through child pd even after pdofflinefn is done. If pdfreefn for parent is called before child, then UAF can be triggered. Hen...
CVE-2023-54107
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: dropping parent refcount after pdfreefn is done Some cgroup policies will access parent pd through child pd even after pdofflinefn is done. If pdfreefn for parent is called before child, then UAF can be triggered. Hen...
CVE-2023-54088
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: hold queuelock when removing blkg-qnode When blkg is removed from q-blkglist from blkgfreeworkfn, queuelock has to be held, otherwise, all kinds of bugslist corruption, hard lockup, .. can be triggered from...
UBUNTU-CVE-2023-54107
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: dropping parent refcount after pdfreefn is done Some cgroup policies will access parent pd through child pd even after pdofflinefn is done. If pdfreefn for parent is called before child, then UAF can be triggered. Hen...
CVE-2023-54107
CVE-2023-54107 affects the Linux kernel blk-cgroup path, where a use-after-free could occur if the parent’s refcount is dropped before the child’s pd_free_fn(). The provided documents state the issue arises when the parent blkg refcount is dropped in __blkg_release() before pd_free_fn() is called...