38 matches found
CVE-2023-53291 rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale
In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: Stop kfreescalethread threads after unloading rcuscale Running the 'kfreercutest' test case 1 results in a splat 2. The root cause is the kfreescalethread threads continue running after unloading the rcuscale module...
CVE-2025-39783
CVE-2025-39783: Linux kernel PCI endpoint. The configfs group handling in pci_epf_remove_cfs() incorrectly called list_del() on epf_group, which is a list head, causing a slab-use-after-free (KASAN) when tearing down endpoint function drivers with a configfs attribute group. The connected Astra L...
kernel: PCI/pwrctrl: Cancel outstanding rescan work when unregistering
In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Cancel outstanding rescan work when unregistering It's possible to trigger use-after-free here by: a forcing rescanworkfunc to take a long time and b utilizing a pwrctrl driver that may be unloaded for some reason...
CVE-2025-38469 KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls kvmxenschedoppoll does a kmallocarray when a VM polls the host for more than one event channel potr nrports 1. After the kmallocarray, the error paths ne...
kernel: tipc: fix use-after-free Read in tipc_named_reinit
A vulnerability was found in the Linux kernel's Transparent Inter-Process Communication TIPC subsystem, allowing a use-after-free condition during the cleanup process. This issue arises when the kernel's work queue mechanism does not properly synchronize the destruction of TIPC namespaces with th...
UBUNTU-CVE-2025-37878
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARNON!ctx in freeevent for partial init Move the getctxchildctx call and the childevent-ctx assignment to occur immediately after the child event is allocated. Ensure that childevent-ctx is non-NULL before any...
SUSE CVE-2022-49821
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDNdspelementregister Afer commit 1fa5ae857bb1 "driver core: get rid of struct device's busid string array", the name of device is allocated dynamically, use putdevice to give up the reference...
SUSE CVE-2023-53072
In the Linux kernel, the following vulnerability has been resolved: mptcp: use the workqueue to destroy unaccepted sockets Christoph reported a UaF at token lookup time after having refactored the passive socket initialization part: BUG: KASAN: use-after-free in tokenbucketbusy+0x253/0x260 Read o...
DEBIAN-CVE-2022-49915
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDNregisterdevice Afer commit 1fa5ae857bb1 "driver core: get rid of struct device's busid string array", the name of device is allocated dynamically, add putdevice to give up the reference, so...
UBUNTU-CVE-2022-49821
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDNdspelementregister Afer commit 1fa5ae857bb1 "driver core: get rid of struct device's busid string array", the name of device is allocated dynamically, use putdevice to give up the reference...
AZL-59879 CVE-2025-22005 affecting package kernel for versions less than 6.6.85.1-2
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhcpcpurthoutput in fibchecknhv6gw. fibchecknhv6gw expects that fib6nhinit cleans up everything when it fails. Commit 7dd73168e273 "ipv6: Always allocate pcpu memory in a fib6nh" moved fibnhcommoninit before...
SUSE CVE-2025-21677
In the Linux kernel, the following vulnerability has been resolved: pfcp: Destroy device along with udp socket's netns dismantle. pfcpnewlink links the device to a list in devnetdev instead of net, where a udp tunnel socket is created. Even when net is removed, the device stays alive on devnetdev...
SUSE CVE-2024-50037
In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-dma: Only cleanup deferred I/O if necessary Commit 5a498d4d06d6 "drm/fbdev-dma: Only install deferred I/O if necessary" initializes deferred I/O only if it is used. drmfbdevdmafbdestroy however calls fbdeferrediocleanup...
AZL-51193 CVE-2024-49877 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible null-ptr-deref in ocfs2setbufferuptodate When doing cleanup, if flags without OCFS2BHREADAHEAD, it may trigger NULL pointer dereference in the following ocfs2setbufferuptodate if bh is NULL...
AZL-50746 CVE-2024-47693 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix ibcachesetupone error flow cleanup When ibcacheupdate return an error, we exit ibcachesetupone instantly with no proper cleanup, even though before this we had already successfully done gidtablesetupone, that results...
FreeBSD 安全漏洞
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD that stems from the fact that when mounting a remote filesystem using NFS, the kernel does not clean up the remotely supplied filename, which can lead to proxy problems...
PT-2024-33742
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: The issue arises from the Linux kernel's handling of GPU device initialization, specifically in the drm/msm/adreno component. In certain cases, such as when speedbin data is present in the...
UBUNTU-CVE-2021-47078
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxeqpdocleanup relies on valid pointer values in QP for the properly created ones, but in case rxeqpfrominit failed it was filled with garbage and caused tot the following error...