14 matches found
EUVD-2023-60116
In the Linux kernel, the following vulnerability has been resolved: bpf: Zeroing allocated object from slab in bpf memory allocator Currently the freed element in bpf memory allocator may be immediately reused, for htab map the reuse will reinitialize special fields in map value e.g., bpfspinlock...
CVE-2023-53790
In the Linux kernel, the following vulnerability has been resolved: bpf: Zeroing allocated object from slab in bpf memory allocator Currently the freed element in bpf memory allocator may be immediately reused, for htab map the reuse will reinitialize special fields in map value e.g., bpfspinlock...
CVE-2023-53790
Summary of CVE-2023-53790 (Linux kernel) : The vulnerability arises from the bpf memory allocator’s handling of freed objects in slab memory. Freed elements can be immediately reused, and for preallocated or non-preallocated htab maps this may cause reinitialization of special fields in map value...
PT-2025-49650
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0+ 1 Description The Linux kernel contains an issue in the bpf memory allocator where a freed element may be immediately reused. For htab maps, this reuse can reinitialize special fields in map values, but...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel that stems from the slab allocator failing to update the TID when freeing a CPU slab, which could result in...
kernel: gfs2: Fix potential glock use-after-free on unmount
A vulnerability was found in the Linux kernel within the gfs2 component, where potential use-after-free issues could occur on unmount. When DLM lockspaces are released with remaining locks, callbacks for asynchronous lock contention may access freed objects, causing unexpected behavior...
SUSE CVE-2021-23995
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
CVE-2022-1419
The root cause of this vulnerability is that the ioctl$DRMIOCTLMODEDESTROYDUMB can decrease refcount of drmvgemgemobject created in vgemgemdumbcreate concurrently, and vgemgemdumbcreate will access the freed drmvgemgemobject...
UBUNTU-CVE-2021-23995
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Mozilla: Use-after-free with widget listener (MFSA 2018-03)
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefo...
Xerces DTDScanner Memory Misreference Vulnerability
Xerces is the United States Apache Apache Software Foundation of an open source XML document parsing project , but also an open source XML syntax parser , it is currently available in a variety of languages , including JAVA, C++, PERL, COM and so on. A memory misreference vulnerability exists in...
LiveConnect crash finalizing JS objects — Mozilla
Steven Michaud reported a crash in LiveConnect, the bridge code that allows Java applets and web JavaScript to communicate. The crash is due to re-use of an already-freed object and we presume this could be exploited with enough effort...
CVE-2006-0293
The function allocation code jsNewFunction in jsfun.c in Firefox 1.5 allows attackers to cause a denial of service memory corruption and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects...
CVE-2006-0293
The function allocation code jsNewFunction in jsfun.c in Firefox 1.5 allows attackers to cause a denial of service memory corruption and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects...