CVE-2024-43049

CVE-2024-43049 describes memory corruption when user-space IOCTLs attempt to set a generic private command in a WLAN driver. The issue is reported across multiple feeds (NVD/Red Hat/CIRCL) and centers on the IOCTL path in the WLAN driver, with a high impact in CVSS terms (Local access, Low comple...

CVE-2024-43049 Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN Windows Host

Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates when calling IOCTL calls from user space to issue factory test commands in the WLAN driver, which may result in memory corruption if these commands are n...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow The sanitizer reports the following issues: 62.982337 ------------ Cut here ------------ 62.985692 cgroup:...

CVE-2017-9711

Certain unprivileged processes are able to perform IOCTL calls...

CVE-2017-9711 Permissions, Privileges, and Access Controls in Data

Certain unprivileged processes are able to perform IOCTL calls...

CVE-2024-53086

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Drop VM dma-resv lock on xesyncinfenceget failure in exec IOCTL Upon failure all locks need to be dropped before returning to the user. cherry picked from commit 7d1a4258e602ffdce529f56686925034c1b3b095...

CVE-2024-53087

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix possible exec queue leak in exec IOCTL In a couple of places after an exec queue is looked up the exec IOCTL returns on input errors without dropping the exec queue ref. Fix this ensuring the exec queue ref is dropped...

SUSE CVE-2024-53086

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Drop VM dma-resv lock on xesyncinfenceget failure in exec IOCTL Upon failure all locks need to be dropped before returning to the user. cherry picked from commit 7d1a4258e602ffdce529f56686925034c1b3b095...

CVE-2024-53087 drm/xe: Fix possible exec queue leak in exec IOCTL

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix possible exec queue leak in exec IOCTL In a couple of places after an exec queue is looked up the exec IOCTL returns on input errors without dropping the exec queue ref. Fix this ensuring the exec queue ref is dropped...

CVE-2024-53087

Technical details about CVE-2024-53087 are not provided in the connected documents. The initial description includes a summary but no publishable technical specifics (affected versions, impact, or fixes) in the supplied sources. Monitor for updates.

CVE-2024-53086 drm/xe: Drop VM dma-resv lock on xe_sync_in_fence_get failure in exec IOCTL

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Drop VM dma-resv lock on xesyncinfenceget failure in exec IOCTL Upon failure all locks need to be dropped before returning to the user. cherry picked from commit 7d1a4258e602ffdce529f56686925034c1b3b095...

DEBIAN-CVE-2024-50289

In the Linux kernel, the following vulnerability has been resolved: media: av7110: fix a spectre vulnerability As warned by smatch: drivers/staging/media/av7110/av7110ca.c:270 dvbcaioctl warn: potential spectre issue 'av7110-cislot' w local cap There is a spectre-related vulnerability at the code...

PT-2025-8817

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential issue in the Linux kernel has been identified, related to the msm ioctl gem submit function. Specifically, the submit-cmdi.size and submit-cmdi.offset variables, which are u3...

kernel: drm/amdgpu: use-after-free vulnerability

A failure flaw was found in the Linux kernel’s AMDGPU driver in how a user sends ioctl with an invalid address and size when using the AMD GPU. This flaw allows a local user to crash the system...

kernel: drm/amdgpu: use-after-free vulnerability

A failure flaw was found in the Linux kernel’s AMDGPU driver in how a user sends ioctl with an invalid address and size when using the AMD GPU. This flaw allows a local user to crash the system...

kernel: block: fix overflow in blk_ioctl_discard()

In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blkioctldiscard There is no check for overflow of 'start + len' in blkioctldiscard. Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len = 0x8000000000fff000...

kernel: arp: Prevent overflow in arp_req_get().

A vulnerability was found in the arpreqget function in the Linux kernel when handling the SIOCGARP ioctl input/output control request. This function copies data over into a fixed-length buffer which could result in a buffer overflow and cause memory corruption, undefined behavior, or crashes...

CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of block device file in btrfsfreeextradevids Mounting btrfs from two images which have the same one fsid and two different devuuids in certain executing order may trigger an UAF for variable...

CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of block device file in btrfsfreeextradevids Mounting btrfs from two images which have the same one fsid and two different devuuids in certain executing order may trigger an UAF for variable...