Lucene search
+L

20 matches found

redhat
redhat
added 2026/05/26 6:6 a.m.16 views

kernel: proc: fix UAF in proc_get_inode()

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

7.8CVSS6.4AI score0.002EPSS
Exploits0References5
osv
osv
added 2026/05/05 3:23 p.m.2 views

CVE-2026-43063 xfs: don't irele after failing to iget in xfs_attri_recover_work

In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfsattrirecoverwork xlogrecoveryiget never set @ip to a valid pointer if they return an error, so this irele will walk off a dangling pointer. Fix that...

7.8CVSS6.5AI score0.00126EPSS
Exploits0References7
redos
redos
added 2026/01/20 12:0 a.m.6 views

ROS-20260120-7368

A vulnerability in the procgetinode function of the Linux operating system kernel is related to a memory leak. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.8CVSS6.8AI score0.002EPSS
Exploits0
redhatcve
redhatcve
added 2026/01/14 11:50 p.m.7 views

CVE-2025-68820

A NULL pointer dereference vulnerability was found in the Linux kernel's ext4 filesystem extended attribute handling. When ext4getinodeloc fails with an error such as -EFSCORRUPTED, the iloc.bh buffer head remains NULL. The ext4xattrinodedecrefall function lacks error checking and proceeds to cal...

5.5CVSS5.5AI score0.00177EPSS
Exploits0References4
nvd
nvd
added 2026/01/13 4:16 p.m.4 views

CVE-2025-68820

In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4rawinode If ext4getinodeloc fails e.g. if it returns -EFSCORRUPTED, iloc.bh will remain set to NULL. Since ext4xattrinodedecrefall lacks error checking, this will lead to a null pointer...

0.00177EPSS
Exploits0References8
ubuntucve
ubuntucve
added 2026/01/13 4:16 p.m.6 views

CVE-2025-68820

In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4rawinode If ext4getinodeloc fails e.g. if it returns -EFSCORRUPTED, iloc.bh will remain set to NULL. Since ext4xattrinodedecrefall lacks error checking, this will lead to a null pointer...

5.9AI score0.00177EPSS
Exploits0References37
ptsecurity
ptsecurity
added 2026/01/13 12:0 a.m.9 views

PT-2026-2552

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's ext4 implementation related to extended attribute handling. Specifically, a null pointer dereference can occur within the ext4 raw inode function if...

5.3AI score0.00177EPSS
Exploits0
osv
osv
added 2025/10/03 7:56 p.m.6 views

RLSA-2025:9348 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: proc: fix UAF in procgetinode CVE-2025-21999 kernel: ext4: fix off-by-one error in dosplit CVE-2025-23150 kernel: ext4: ignore xattrs past end CVE-2025-37738 For more details about the...

7.1CVSS6.4AI score0.002EPSS
Exploits0References4
rocky
rocky
added 2025/10/03 7:56 p.m.8 views

kernel security update

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

7.8CVSS6.5AI score0.002EPSS
Exploits0
suse
suse
added 2025/09/10 1:33 p.m.5 views

Security update for the Linux Kernel (Live Patch 55 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059198 fixes several issues. The following security issues were fixed: CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF bsc1237930. CVE-2025-38001: netsched: hfsc: Address reentrant...

8.5CVSS7.5AI score0.00369EPSS
Exploits3References24
osv
osv
added 2025/08/22 4:0 p.m.6 views

CVE-2025-38653 proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al

In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proclseek as ones for procreaditer et.al Check pde-procops-proclseek directly may cause UAF in rmmod scenario. It's a gap in procregopen after commit 654b33ada4ab"proc: fix UAF in...

7.8CVSS7.3AI score0.00153EPSS
Exploits0References10
cvelist
cvelist
added 2025/08/22 4:0 p.m.9 views

CVE-2025-38653 proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al

In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proclseek as ones for procreaditer et.al Check pde-procops-proclseek directly may cause UAF in rmmod scenario. It's a gap in procregopen after commit 654b33ada4ab"proc: fix UAF in...

0.00153EPSS
Exploits0References6
astralinux
astralinux
added 2025/06/16 11:28 a.m.1 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

7.8CVSS6.4AI score0.002EPSS
Exploits0References3
redhat
redhat
added 2025/06/16 9:1 a.m.6 views

kernel: proc: fix UAF in proc_get_inode()

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

7.8CVSS6.3AI score0.002EPSS
Exploits0References5
osv
osv
added 2025/04/03 8:15 a.m.9 views

AZL-59651 CVE-2025-21999 affecting package kernel for versions less than 6.6.85.1-2

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

7.8CVSS6.3AI score0.002EPSS
Exploits0References1
osv
osv
added 2025/04/03 8:15 a.m.9 views

AZL-59604 CVE-2025-21999 affecting package kernel for versions less than 5.15.180.1-1

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

7.8CVSS6.5AI score0.002EPSS
Exploits0References1
osv
osv
added 2025/04/03 8:15 a.m.4 views

UBUNTU-CVE-2025-21999

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

7.8CVSS6.2AI score0.002EPSS
Exploits0References39
cvelist
cvelist
added 2025/04/03 7:19 a.m.21 views

CVE-2025-21999 proc: fix UAF in proc_get_inode()

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

0.002EPSS
Exploits0References7
cnnvd
cnnvd
added 2025/04/03 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue in procgetinode...

7.8CVSS6.6AI score0.002EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2025/01/01 12:0 a.m.3 views

PT-2025-34414

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free UAF issue exists in the proc file system. A direct check of pde-proc ops-proc lseek may lead to a UAF condition during a rmmod scenario. This is due to a gap in proc r...

7.8CVSS7AI score0.00153EPSS
Exploits0
Rows per page
Query Builder